From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/lib/classes/remote.d/admin.inc.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/interface/lib/classes/remote.d/admin.inc.php b/interface/lib/classes/remote.d/admin.inc.php index ba966fe..2541ca5 100644 --- a/interface/lib/classes/remote.d/admin.inc.php +++ b/interface/lib/classes/remote.d/admin.inc.php @@ -60,7 +60,7 @@ switch($key) { case 'sys_userid': // check if userid is valid - $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value)); + $check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value)); if(!$check || !$check['userid']) { $this->server->fault('invalid parameters', $value . ' is no valid sys_userid.'); return false; @@ -69,7 +69,7 @@ break; case 'sys_groupid': // check if groupid is valid - $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value)); + $check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value)); if(!$check || !$check['groupid']) { $this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.'); return false; -- Gitblit v1.9.1