From 35509d5644f23eb109bf41b496de730d24103da3 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 18 Nov 2013 15:30:13 -0500
Subject: [PATCH] Better variable quoting in sql queries.

---
 interface/lib/classes/tform_actions.inc.php |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/interface/lib/classes/tform_actions.inc.php b/interface/lib/classes/tform_actions.inc.php
index 336d2fb..bb9e78e 100644
--- a/interface/lib/classes/tform_actions.inc.php
+++ b/interface/lib/classes/tform_actions.inc.php
@@ -81,7 +81,7 @@
 
 		// check if the client is locked - he may not change anything, then.
 		if(!$app->auth->is_admin()) {
-			$client_group_id = $_SESSION["s"]["user"]["default_group"];
+			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
 			$client = $app->db->queryOneRecord("SELECT client.locked FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ".$app->functions->intval($client_group_id));
 			if(is_array($client) && $client['locked'] == 'y') {
 				$app->tform->errorMessage .= $app->lng("client_you_are_locked")."<br />";
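Review bot: The new `$app->functions->intval()` on `$client_group_id` is redundant for the only use visible in this hunk, because the query on the following line already wraps the same variable in `$app->functions->intval()`; the extra cast only pays off if `$client_group_id` is used unsanitised further down, outside the hunk. More importantly, when `default_group` is absent from the session the cast presumably yields 0, the query then matches no `sys_group` row, `is_array($client)` is false, and the locked check silently passes for a user whose group cannot even be resolved. Consider failing closed there, e.g. `if(!is_array($client) || $client['locked'] == 'y') {` so an unresolvable group is treated like a locked client, or at least log it. The enclosing function starts before and continues after this hunk, and whether `$app->db` offers a parameterised query API that would make the cast unnecessary is not visible here.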

--
Gitblit v1.9.1