From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/dashboard/dashboard.php | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diff --git a/interface/web/dashboard/dashboard.php b/interface/web/dashboard/dashboard.php index 6c04d58..51068b1 100644 --- a/interface/web/dashboard/dashboard.php +++ b/interface/web/dashboard/dashboard.php @@ -51,7 +51,7 @@ if($_SESSION['s']['user']['typ'] == 'admin') { $name = $_SESSION['s']['user']['username']; } else { - $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."'"); + $tmp = $app->db->queryOneRecord("SELECT contact_name FROM client WHERE username = ?", $_SESSION['s']['user']['username']); $name = $tmp['contact_name']; } @@ -146,7 +146,7 @@ $dashlet_list = array(); $handle = @opendir(ISPC_WEB_PATH.'/dashboard/dashlets'); while ($file = @readdir($handle)) { - if ($file != '.' && $file != '..' && !is_dir($file)) { + if ($file != '.' && $file != '..' && !is_dir(ISPC_WEB_PATH.'/dashboard/dashlets/'.$file)) { $dashlet_name = substr($file, 0, -4); $dashlet_class = 'dashlet_'.$dashlet_name; include_once ISPC_WEB_PATH.'/dashboard/dashlets/'.$file; -- Gitblit v1.9.1