From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/dashboard/dashboard.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php
index 6c04d58..51068b1 100644
--- a/interface/web/dashboard/dashboard.php
+++ b/interface/web/dashboard/dashboard.php
@@ -51,7 +51,7 @@
 if($_SESSION['s']['user']['typ'] == 'admin') {
 	$name = $_SESSION['s']['user']['username'];
 } else {
-	$tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'");
+	$tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
 	$name = $tmp['contact_name'];
 }
 
@@ -146,7 +146,7 @@
 $dashlet_list = array();
 $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets');
 while ($file = @readdir($handle)) {
-	if ($file != '.' && $file != '..' && !is_dir($file)) {
+	if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) {
 		$dashlet_name = substr($file, 0, -4);
 		$dashlet_class = 'dashlet_'.$dashlet_name;
 		include_once ISPC_WEB_PATH.'/dashboard/dashlets/'.$file;

--
Gitblit v1.9.1