X-Git-Url: http://git.sourceforge.jp/view?p=nucleus-jp%2Fnucleus-jp-ancient.git;a=blobdiff_plain;f=utf8%2Fnucleus%2Flibs%2FBAN.php;h=972f33b739a59a4ec97a80a565c74e98c5e6537c;hp=d7271b03b84cd82e4c2c2a39048ecf27a19c289e;hb=7a9ab741d74fc3e819af9b1e23a2bb6a28e00297;hpb=1abade2c6f1ef6acdea5b904d930649a83893898
diff --git a/utf8/nucleus/libs/BAN.php b/utf8/nucleus/libs/BAN.php
index d7271b0..972f33b 100755
--- a/utf8/nucleus/libs/BAN.php
+++ b/utf8/nucleus/libs/BAN.php
@@ -57,7 +57,7 @@ class BAN {
 );
 $query = 'INSERT INTO '.sql_table('ban')." (blogid, iprange, reason) VALUES "
- . "($blogid,'".addslashes($iprange)."','".addslashes($reason)."')";
+ . "($blogid,'".sql_real_escape_string($iprange)."','".sql_real_escape_string($reason)."')";
 $res = sql_query($query);
 $manager->notify(
@@ -82,7 +82,7 @@ class BAN {
 $manager->notify('PreDeleteBan', array('blogid' => $blogid, 'range' => $iprange));
- $query = 'DELETE FROM '.sql_table('ban')." WHERE blogid=$blogid and iprange='" .addslashes($iprange). "'";
+ $query = 'DELETE FROM '.sql_table('ban')." WHERE blogid=$blogid and iprange='" .sql_real_escape_string($iprange). "'";
 sql_query($query);
 $result = (sql_affected_rows() > 0);
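Review bot: `$blogid` is still interpolated unquoted into both statements (`VALUES ($blogid,` in the -57 hunk and `WHERE blogid=$blogid` in the -82 hunk), and string escaping does nothing for a value placed in numeric context. Neither hunk shows a cast, and both enclosing methods start and end outside the visible lines, so if one is not already present each method should begin with `$blogid = intval($blogid);` before the value reaches the query. Separately, `sql_real_escape_string()` is only an improvement over `addslashes()` when the driver knows the connection character set, so it is worth confirming that the wrapper's connection sets the charset through the driver API rather than with a `SET NAMES` query.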