From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/tools_sites.inc.php |   13 ++++++++-----
 1 files changed, 8 insertions(+), 5 deletions(-)

diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
index 3400c5b..b2881f5 100644
--- a/interface/lib/classes/tools_sites.inc.php
+++ b/interface/lib/classes/tools_sites.inc.php
@@ -87,7 +87,7 @@
 			if(isset($dataRecord['client_group_id'])) {
 				$client_group_id = $dataRecord['client_group_id'];
 			} elseif (isset($dataRecord['parent_domain_id'])) {
-				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
 				$client_group_id = $tmp['sys_groupid'];
 			} elseif(isset($dataRecord['sys_groupid'])) {
 				$client_group_id = $dataRecord['sys_groupid'];
@@ -96,7 +96,7 @@
 			}
 		}
 
-		$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+		$tmp = $app->db->queryOneRecord("SELECT name FROM sys_group WHERE groupid = ?", $client_group_id);
 		$clientName = $tmp['name'];
 		if ($clientName == "") $clientName = 'default';
 		$clientName = $this->convertClientName($clientName);
@@ -114,7 +114,7 @@
 			if(isset($dataRecord['client_group_id'])) {
 				$client_group_id = $dataRecord['client_group_id'];
 			} elseif (isset($dataRecord['parent_domain_id']) && $dataRecord['parent_domain_id'] != 0) {
-				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = " . $dataRecord['parent_domain_id']);
+				$tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM web_domain WHERE domain_id = ?", $dataRecord['parent_domain_id']);
 				$client_group_id = $tmp['sys_groupid'];
 			} elseif(isset($dataRecord['sys_groupid'])) {
 				$client_group_id = $dataRecord['sys_groupid'];
@@ -122,7 +122,7 @@
 				return '[CLIENTID]';
 			}
 		}
-		$tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = " . $app->functions->intval($client_group_id));
+		$tmp = $app->db->queryOneRecord("SELECT client_id FROM sys_group WHERE groupid = ?", $client_group_id);
 		$clientID = $tmp['client_id'];
 		if ($clientID == '') $clientID = '0';
 		return $clientID;
@@ -144,6 +144,7 @@
 		return $res;
 	}
 
+	/* TODO: rewrite SQL */
 	function getDomainModuleDomains($not_used_in_table = null, $selected_domain = null) {
 		global $app;
 
@@ -168,6 +169,7 @@
 		return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
 	}
 
+	/* TODO: rewrite SQL */
 	function checkDomainModuleDomain($domain_id) {
 		global $app;
 
@@ -180,7 +182,8 @@
 		if(!$domain || !$domain['domain_id']) return false;
 		return $domain['domain'];
 	}
-
+	
+	/* TODO: rewrite SQL */
 	function getClientIdForDomain($domain_id) {
 		global $app;
 

--
Gitblit v1.9.1