530326b8e4e31273686ec1472b757bcb0b49bdeb
- All staff paths (build, lock, edit, editgame, delete, add, search) and the render SELECTs now use db.php helpers with bound params. Removes SQL injection via playerid/missionid/callsign/newtype/newmap/buildmissions. - Delete routes through new pqs_remove_player() (shared lock + transaction, resyncs numplayers from real occupancy instead of a raw numplayers-1). - Drop a stray buggy line ($callsign from an undefined $line) and guard $_SERVER['SERVER_ADDR']. build now sets nummercs=0 (strict-mode safe). Verified on the stack: build/edit/delete/editgame/lock/search all work; delete resyncs numplayers; no errors. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Description
No description provided
246 MiB
Languages
JavaScript
55.2%
PHP
39.2%
CSS
4.1%
Shell
0.8%
Batchfile
0.7%