From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/remote.d/aps.inc.php |   16 ++++++++--------
 1 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/interface/lib/classes/remote.d/aps.inc.php b/interface/lib/classes/remote.d/aps.inc.php
index 78c066c..b626f1b 100644
--- a/interface/lib/classes/remote.d/aps.inc.php
+++ b/interface/lib/classes/remote.d/aps.inc.php
@@ -241,8 +241,8 @@
 			return false;
 		}
 	
-		$sql = "SELECT * FROM web_domain WHERE domain = '".$app->db->quote($params['main_domain'])."'";
-		$domain = $app->db->queryOneRecord($sql);
+		$sql = "SELECT * FROM web_domain WHERE domain = ?";
+		$domain = $app->db->queryOneRecord($sql, $params['main_domain']);
 	
 		if (!$domain) {
 			$this->server->fault('invalid parameters', 'No valid domain given.');
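Review bot: Nothing in the patch records that the `web_domain` lookup on the new `$sql` line moved from `quote()` concatenation to a bound `?` placeholder. The subject speaks of not setting an empty password, while the diffstat (8 insertions, 8 deletions) is fully accounted for by the four query rewrites in this file. Query-construction changes are the kind of thing people search for when auditing or backporting, so a subject along the lines of `use bound parameters in APS remoting queries` would describe the change better. The same applies to the other three hunks; the enclosing function starts and ends outside this hunk.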
@@ -269,8 +269,8 @@
 			return false;
 		}
 	
-		$sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryOneRecord($sql);
+		$sql  = "SELECT * FROM aps_instances WHERE id = ?";
+		$result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));
 		return $result;
 	}
 	
@@ -283,8 +283,8 @@
 			return false;
 		}
 	
-		$sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryAllRecords($sql);
+		$sql  = "SELECT * FROM aps_instances_settings WHERE instance_id = ?";
+		$result = $app->db->queryAllRecords($sql, $app->functions->intval($primary_id));
 		return $result;
 	}
 	
@@ -301,8 +301,8 @@
 		$gui = new ApsGUIController($app);
 	
 		// Check if Instance exists
-		$sql  = "SELECT * FROM aps_instances WHERE id = ".$app->functions->intval($primary_id);
-		$result = $app->db->queryOneRecord($sql);
+		$sql  = "SELECT * FROM aps_instances WHERE id = ?";
+		$result = $app->db->queryOneRecord($sql, $primary_id);
 	
 		if (!$result) {
 			$this->server->fault('instance_error', 'No valid instance id given.');
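Review bot: The instance lookup here binds `$primary_id` raw, while the two preceding hunks keep `$app->functions->intval($primary_id)` when binding the same kind of id. With a placeholder this is no longer an injection concern, but depending on how the db wrapper and the database coerce types (not visible here), a non-integer value could still match a row and pass the `No valid instance id given.` check. It would then be carried on unnormalised into whatever follows outside the hunk. I would keep the cast so all three lookups agree: `$result = $app->db->queryOneRecord($sql, $app->functions->intval($primary_id));`. The enclosing function starts before and continues after this hunk.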

--
Gitblit v1.9.1