- don't set password via remoting if field is empty

Marius Cramer

2015-08-06 37b29231e47a0c4458dc1c15d98588f16f07e1e2

 interface/web/tools/user_settings.php

@@ -102,7 +102,7 @@
      global $app;
      
      if($_POST['passwort'] != '') {
         $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = '".$app->functions->intval($_SESSION['s']['user']['userid'])."'");
         $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
         $_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
         unset($tmp_user);
      }