From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty
---
interface/web/admin/software_package_list.php | 96 ++++++++++++++++++++++++-----------------------
1 files changed, 49 insertions(+), 47 deletions(-)
diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index f7bf25b..5e552db 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -48,27 +48,40 @@
$packages = $client->get_packages($repo['repo_username'], $repo['repo_password']);
if(is_array($packages)) {
foreach($packages as $p) {
- $package_name = $app->db->quote($p['name']);
- $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
+ $package_name = $p['name'];
+ $tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = ?", $package_name);
- $package_title = $app->db->quote($p['title']);
- $package_description = $app->db->quote($p['description']);
+ $package_title = $p['title'];
+ $package_description = $p['description'];
$software_repo_id = $app->functions->intval($repo['software_repo_id']);
- $package_type = $app->db->quote($p['type']);
- $package_installable = $app->db->quote($p['installable']);
- $package_requires_db = $app->db->quote($p['requires_db']);
- $package_remote_functions = $app->db->quote($p['remote_functions']);
+ $package_type = $p['type'];
+ $package_installable = $p['installable'];
+ $package_requires_db = $p['requires_db'];
+ $package_remote_functions = $p['remote_functions'];
if(empty($tmp['package_id'])) {
- //$sql = "INSERT INTO software_package (software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db')";
- //$app->db->query($sql);
- $insert_data = "(software_repo_id, package_name, package_title, package_description,package_type,package_installable,package_requires_db,package_remote_functions) VALUES ($software_repo_id, '$package_name', '$package_title', '$package_description','$package_type','$package_installable','$package_requires_db','$package_remote_functions')";
+ $insert_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_name" => $package_name,
+ "package_title" => $package_title,
+ "package_description" => $package_description,
+ "package_type" => $package_type,
+ "package_installable" => $package_installable,
+ "package_requires_db" => $package_requires_db,
+ "package_remote_functions" => $package_remote_functions
+ );
$app->db->datalogInsert('software_package', $insert_data, 'package_id');
$packages_added++;
} else {
- //$sql = "UPDATE software_package SET software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db' WHERE package_name = '$package_name'";
- //$app->db->query($sql);
- $update_data = "software_repo_id = $software_repo_id, package_title = '$package_title', package_description = '$package_description', package_type = '$package_type', package_installable = '$package_installable', package_requires_db = '$package_requires_db', package_remote_functions = '$package_remote_functions'";
+ $update_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_title" => $package_title,
+ "package_description" => $package_description,
+ "package_type" => $package_type,
+ "package_installable" => $package_installable,
+ "package_requires_db" => $package_requires_db,
+ "package_remote_functions" => $package_remote_functions
+ );
//echo $update_data;
$app->db->datalogUpdate('software_package', $update_data, 'package_id', $tmp['package_id']);
}
@@ -91,25 +104,31 @@
$v3 = $app->functions->intval($version_array[2]);
$v4 = $app->functions->intval($version_array[3]);
- $package_name = $app->db->quote($u['package_name']);
+ $package_name = $u['package_name'];
$software_repo_id = $app->functions->intval($repo['software_repo_id']);
- $update_url = $app->db->quote($u['url']);
- $update_md5 = $app->db->quote($u['md5']);
- $update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
- $update_title = $app->db->quote($u['title']);
- $type = $app->db->quote($u['type']);
+ $update_url = $u['url'];
+ $update_md5 = $u['md5'];
+ $update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+ $update_title = $u['title'];
+ $type = $u['type'];
// Check that we do not have this update in the database yet
- $sql = "SELECT * FROM software_update WHERE package_name = '$package_name' and v1 = '$v1' and v2 = '$v2' and v3 = '$v3' and v4 = '$v4'";
- $tmp = $app->db->queryOneRecord($sql);
+ $sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
+ $tmp = $app->db->queryOneRecord($sql, $package_name, $v1, $v2, $v3, $v4);
if(!isset($tmp['software_update_id'])) {
- // Insert the update in the datbase
- //$sql = "INSERT INTO software_update (software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- //VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
- //die($sql);
- //$app->db->query($sql);
- $insert_data = "(software_repo_id, package_name, update_url, update_md5, update_dependencies, update_title, v1, v2, v3, v4, type)
- VALUES ($software_repo_id, '$package_name', '$update_url', '$update_md5', '$update_dependencies', '$update_title', '$v1', '$v2', '$v3', '$v4', '$type')";
+ $insert_data = array(
+ "software_repo_id" => $software_repo_id,
+ "package_name" => $package_name,
+ "update_url" => $update_url,
+ "update_md5" => $update_md5,
+ "update_dependencies" => $update_dependencies,
+ "update_title" => $update_title,
+ "v1" => $v1,
+ "v2" => $v2,
+ "v3" => $v3,
+ "v4" => $v4,
+ "type" => $type
+ );
$app->db->datalogInsert('software_update', $insert_data, 'software_update_id');
}
@@ -119,23 +138,6 @@
}
}
}
-
-//* Install packages, if GET Request
-/*
-if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
- $package_name = $app->db->quote($_GET['package']);
- $server_id = $app->functions->intval($_GET['server_id']);
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
- $tmp = $app->db->queryOneRecord($sql);
- $software_update_id = $tmp['software_update_id'];
-
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
- // $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
- $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
-}
-*/
-
-
// Show the list in the interface
// Loading the template
@@ -150,7 +152,7 @@
foreach($packages as $key => $p) {
$installed_txt = '';
foreach($servers as $s) {
- $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
+ $inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = ? AND server_id = ?", $p["package_name"], $s["server_id"]);
$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
if($inst['status'] == 'installed') {
--
Gitblit v1.9.1