From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/lib/classes/validate_systemuser.inc.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/validate_systemuser.inc.php b/interface/lib/classes/validate_systemuser.inc.php
index 2cab1cf..74824b7 100644
--- a/interface/lib/classes/validate_systemuser.inc.php
+++ b/interface/lib/classes/validate_systemuser.inc.php
@@ -95,7 +95,7 @@
 
 		if($primary_id > 0) {
 			//* get parent_domain_id from website
-			$shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = '".$app->db->quote($primary_id)."'");
+			$shell_data = $app->db->queryOneRecord("SELECT parent_domain_id FROM shell_user WHERE shell_user_id = ?", $primary_id);
 			if(!is_array($shell_data) || $shell_data["parent_domain_id"] < 1) {
 				$errmsg = $validator['errmsg'];
 				if(isset($app->tform->wordbook[$errmsg])) {
@@ -111,7 +111,7 @@
 			$parent_domain_id = $app->functions->intval($app->remoting_lib->dataRecord['parent_domain_id']);
 		}
 
-		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = '".$app->db->quote($parent_domain_id)."'");
+		$domain_data = $app->db->queryOneRecord("SELECT domain_id, document_root FROM web_domain WHERE domain_id = ?", $parent_domain_id);
 		if(!is_array($domain_data) || $domain_data["domain_id"] < 1) {
 			$errmsg = $validator['errmsg'];
 			if(isset($app->tform->wordbook[$errmsg])) {

--
Gitblit v1.9.1