From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/remote.d/server.inc.php |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface/lib/classes/remote.d/server.inc.php b/interface/lib/classes/remote.d/server.inc.php
index 4035302..eb4a8b9 100644
--- a/interface/lib/classes/remote.d/server.inc.php
+++ b/interface/lib/classes/remote.d/server.inc.php
@@ -55,8 +55,8 @@
 			throw new SoapFault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$sql = "SELECT server_id FROM server_ip WHERE ip_address  = '$ipaddress' LIMIT 1 ";
-		$all = $app->db->queryAllRecords($sql);
+		$sql = "SELECT server_id FROM server_ip WHERE ip_address  = ? LIMIT 1";
+		$all = $app->db->queryAllRecords($sql, $ipaddress);
 		return $all;
 	}
 
@@ -178,8 +178,8 @@
             return false;
 		}
 		if (!empty($session_id) && !empty($server_name)) {
-			$sql = "SELECT server_id FROM server WHERE server_name  = '$server_name' LIMIT 1 ";
-			$all = $app->db->queryAllRecords($sql);
+			$sql = "SELECT server_id FROM server WHERE server_name  = ? LIMIT 1";
+			$all = $app->db->queryAllRecords($sql, $server_name);
 			return $all;
 		} else {
 			return false;
@@ -200,8 +200,8 @@
             return false;
 		}
 		if (!empty($session_id) && !empty($server_id)) { 
-			$sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = '$server_id' LIMIT 1 ";
-			$all = $app->db->queryAllRecords($sql);
+			$sql = "SELECT mail_server, web_server, dns_server, file_server, db_server, vserver_server, proxy_server, firewall_server FROM server WHERE server_id  = ? LIMIT 1 ";
+			$all = $app->db->queryAllRecords($sql, $server_id);
 			return $all;
 		} else {
 			return false;

--
Gitblit v1.9.1