Fix SQL and XSS injection

[CrazyHackGUT]

Something user hack my SourceBans with this injection. SourceBans "generates" PHP error due to email[] in query string, and log error in system logs. After, while opening system logs, code in <script> tags executes from message because this is not escaped. It can help hackers to steal cookies admin when entering the settings.

I hacked in this way, and I do not want to hurt anyone else.
From my system log:

Sorry if that, for my English. I did not know much, I'm from Russia

[koteq]

@CrazyHackGUT is right the vulnerability is real. Firstly because of dumb db query builder here, which should be replaced by throw statement. And secondly because of output escaping lack.

Also I have to mention that it's totally ok to use force push to modify your pull request commits.

[Technoblazed]

The majority of sourcebans is completely fucked. But no one can be bothered to do a rewrite.

[CrazyHackGUT]

@Technoblazed, we have on one forum is an active discussion of whether it is necessary to rewrite the SourceBans from scratch with using framework.

[Technoblazed]

Honestly, I'll probably end up doing it next summer, because I'm always bored as fuck.

[Groruk]

@galexrt and I are actually planning on rewriting SourceBans++ from scratch. Sadly, at the time we are busy with RL stuff but hope to start development in between Christmas and new year.

[Technoblazed]

@Groruk Let me know if you need anyone else :D