From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/client/message_template_edit.php |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/interface/web/client/message_template_edit.php b/interface/web/client/message_template_edit.php
index 819e267..7d285ac 100644
--- a/interface/web/client/message_template_edit.php
+++ b/interface/web/client/message_template_edit.php
@@ -56,12 +56,11 @@
 		// Check for duplicates
 		if($this->dataRecord['template_type'] == 'welcome') {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ".$client_group_id;
+			$sql = "SELECT count(client_message_template_id) as number FROM client_message_template WHERE template_type = 'welcome' AND sys_groupid = ?";
 			if($this->id > 0) {
-				$sql .= " AND client_message_template_id != ".$this->id;
+				$sql .= " AND client_message_template_id != ?";
 			}
-			
-			$tmp = $app->db->queryOneRecord($sql);
+			$tmp = $app->db->queryOneRecord($sql, $client_group_id, $this->id);
 			if($tmp['number'] > 0) $app->tform->errorMessage .= $app->tform->lng('duplicate_welcome_error');
 		}
 		

--
Gitblit v1.9.1