From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/dashboard/dashlets/limits.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/interface/web/dashboard/dashlets/limits.php b/interface/web/dashboard/dashlets/limits.php
index 70113f3..2455da8 100644
--- a/interface/web/dashboard/dashlets/limits.php
+++ b/interface/web/dashboard/dashlets/limits.php
@@ -130,7 +130,7 @@
 
 		if($user_is_admin == false) {
 			$client_group_id = $app->functions->intval($_SESSION["s"]["user"]["default_group"]);
-			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = $client_group_id");
+			$client = $app->db->queryOneRecord("SELECT * FROM sys_group, client WHERE sys_group.client_id = client.client_id and sys_group.groupid = ?", $client_group_id);
 		}
 
 		$rows = array();
@@ -164,10 +164,10 @@
 	function _get_limit_usage($limit) {
 		global $app;
 
-		$sql = "SELECT count(sys_userid) as number FROM ".$app->db->quote($limit['db_table'])." WHERE ";
+		$sql = "SELECT count(sys_userid) as number FROM ?? WHERE ";
 		if($limit['db_where'] != '') $sql .= $limit['db_where']." AND ";
 		$sql .= $app->tform->getAuthSQL('r');
-		$rec = $app->db->queryOneRecord($sql);
+		$rec = $app->db->queryOneRecord($sql, $limit['db_table']);
 		return $rec['number'];
 
 	}

--
Gitblit v1.9.1