From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/plugin_backuplist_mail.inc.php |   41 +++++++----------------------------------
 1 files changed, 7 insertions(+), 34 deletions(-)

diff --git a/interface/lib/classes/plugin_backuplist_mail.inc.php b/interface/lib/classes/plugin_backuplist_mail.inc.php
index 8474283..901901a 100644
--- a/interface/lib/classes/plugin_backuplist_mail.inc.php
+++ b/interface/lib/classes/plugin_backuplist_mail.inc.php
@@ -55,42 +55,15 @@
 
 		if(isset($_GET['backup_action'])) {
 			$backup_id = $app->functions->intval($_GET['backup_id']);
-/*
-			if($_GET['backup_action'] == 'download_mail' && $backup_id > 0) {
-				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_download' AND action_param = '$backup_id'";
-				$tmp = $app->db->queryOneRecord($sql);
-				if($tmp['number'] == 0) {
-					$message .= $wb['download_info_txt'];
-					$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-					"VALUES (".
-						(int)$this->form->dataRecord['server_id'] . ", " .
-						time() . ", " .
-						"'backup_download', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-					")";
-					$app->db->query($sql);
-				} else {
-					$error .= $wb['download_pending_txt'];
-				}
-			}
-*/
+
 			if($_GET['backup_action'] == 'restore_mail' && $backup_id > 0) {
-				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = '$backup_id'";
-				$tmp = $app->db->queryOneRecord($sql);
+				$sql = "SELECT count(action_id) as number FROM sys_remoteaction WHERE action_state = 'pending' AND action_type = 'backup_restore_mail' AND action_param = ?";
+				$tmp = $app->db->queryOneRecord($sql, $backup_id);
 				if($tmp['number'] == 0) {
 					$message .= $wb['restore_info_txt'];
 					$sql = 	"INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-					"VALUES (".
-						(int)$this->form->dataRecord['server_id'] . ", " .
-						time() . ", " .
-						"'backup_restore_mail', " .
-						"'".$backup_id."', " .
-						"'pending', " .
-						"''" .
-					")";
-					$app->db->query($sql);
+					"VALUES (?, ? 'backup_restore_mail', ?, 'pending','')";
+					$app->db->query($sql, $this->form->dataRecord['server_id'], time(), $backup_id);
 				} else {
 					$error .= $wb['restore_pending_txt'];
 				}
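Review bot: The rewritten INSERT is missing a comma between the second placeholder and `'backup_restore_mail'`, so the value list no longer matches the six named columns and the query will most likely fail, leaving the restore action unqueued. The line should read `"VALUES (?, ?, 'backup_restore_mail', ?, 'pending', '')";`. Separately, the `restore_mail` branch queues an action for any `$_GET['backup_id']` greater than zero. Nothing visible in this hunk checks that the backup row belongs to the mail user in `$this->form->id`, or that this state-changing GET request carries a CSRF token. Confirm both are enforced elsewhere, or look the id up in `mail_backup` for that `mailuser_id` before inserting; the enclosing method starts and ends outside the hunk.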
@@ -98,8 +71,8 @@
 		}
 				
 		//* Get the data
-		$sql = "SELECT * FROM mail_backup WHERE mailuser_id = ".$this->form->id." ORDER BY tstamp DESC";
-		$records = $app->db->queryAllRecords($sql);
+		$sql = "SELECT * FROM mail_backup WHERE mailuser_id = ? ORDER BY tstamp DESC";
+		$records = $app->db->queryAllRecords($sql, $this->form->id);
 		$bgcolor = "#FFFFFF";
 		if(is_array($records)) {
 			foreach($records as $rec) {

--
Gitblit v1.9.1