From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/tools_monitor.inc.php |   41 +++++++++++++++++++++--------------------
 1 files changed, 21 insertions(+), 20 deletions(-)

diff --git a/interface/lib/classes/tools_monitor.inc.php b/interface/lib/classes/tools_monitor.inc.php
index d8a09f4..bd1a969 100644
--- a/interface/lib/classes/tools_monitor.inc.php
+++ b/interface/lib/classes/tools_monitor.inc.php
@@ -33,7 +33,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'server_load' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -80,7 +80,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'disk_usage' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -123,7 +123,7 @@
 	function showDatabaseSize () {
 		global $app;
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'database_size' AND server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
 			//* format the data
@@ -142,10 +142,12 @@
 				if ($line['size'] > 0) $line['size'] = $app->functions->formatBytes($line['size']);
 
 				//* get the client
-				$line['client']=$app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name='".$line['database_name']."'")['username'];
+				$tmp = $app->db->queryOneRecord("SELECT client.username FROM web_database, sys_group, client WHERE web_database.sys_groupid = sys_group.groupid AND sys_group.client_id = client.client_id AND web_database.database_name=?", $line['database_name']);
+				$line['client'] = $tmp['username'];
 
 				//* get the domain
-				$line['domain']=$app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name='".$line['database_name']."')")['domain'];
+				$tmp = $app->db->queryOneRecord("SELECT domain FROM web_domain WHERE domain_id=(SELECT parent_domain_id FROM web_database WHERE database_name=?", $line['database_name']);
+				$line['domain'] = $tmp['domain'];
 
 				//* remove the sys_groupid from output
 				unset($line['sys_groupid']);
@@ -166,7 +168,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mem_usage' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -202,7 +204,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'cpu_info' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -236,7 +238,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'services' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -349,7 +351,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'system_update' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -379,7 +381,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'openvz_beancounter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -408,7 +410,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'raid_state' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -441,7 +443,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'rkhunter' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -472,7 +474,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_fail2ban' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -486,7 +488,7 @@
 			$data = unserialize($record['data']);
 			if ($data == '') {
 				$html .= '<p>'.
-					'fail2ban is not installed at this server.<br />' .
+					'fail2ban is not installed on this server.<br />' .
 					'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
 					'</p>';
 			}
@@ -506,7 +508,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'log_mongodb' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$html =
@@ -520,8 +522,7 @@
 			$data = unserialize($record['data']);
 			if ($data == '') {
 				$html .= '<p>'.
-					'MongoDB is not installed at this server.<br />' .
-					'See more (for debian) <a href="http://www.howtoforge.com/fail2ban_debian_etch" target="htf">here...</a>'.
+					'MongoDB is not installed on this server.<br />' .
 					'</p>';
 			}
 			else {
@@ -538,7 +539,7 @@
 
 	function showIPTables() {
 		global $app;
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'iptables_rules' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 		if(isset($record['data'])) {
 			$html =
 				'<div class="systemmonitor-state state-'.$record['state'].'">
@@ -562,7 +563,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT data, state FROM monitor_data WHERE type = 'mailq' and server_id = ? ORDER BY created DESC", $_SESSION['monitor']['server_id']);
 
 		if(isset($record['data'])) {
 			$data = unserialize($record['data']);
@@ -578,7 +579,7 @@
 		global $app;
 
 		/* fetch the Data from the DB */
-		$record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = '" . $type . "' and server_id = " . $_SESSION['monitor']['server_id'] . " order by created desc");
+		$record = $app->db->queryOneRecord("SELECT created FROM monitor_data WHERE type = ? and server_id = ? ORDER BY created DESC", $type, $_SESSION['monitor']['server_id']);
 
 		/* TODO: datetimeformat should be set somewhat other way */
 		$dateTimeFormat = $app->lng("monitor_settings_datetimeformat_txt");

--
Gitblit v1.9.1