From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/mail/mail_user_del.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/mail/mail_user_del.php b/interface/web/mail/mail_user_del.php
index 6b309f8..dc92047 100644
--- a/interface/web/mail/mail_user_del.php
+++ b/interface/web/mail/mail_user_del.php
@@ -54,10 +54,10 @@
 	function onBeforeDelete() {
 		global $app; $conf;
 
-		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = '".$app->db->quote($this->dataRecord["email"])."'");
+		$tmp_user = $app->db->queryOneRecord("SELECT id FROM spamfilter_users WHERE email = ?", $this->dataRecord["email"]);
 		$app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);
 
-		$tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = '".$this->id."'");
+		$tmp_filters = $app->db->queryAllRecords("SELECT filter_id FROM mail_user_filter WHERE mailuser_id = ?", $this->id);
 		if(is_array($tmp_filters)) {
 			foreach($tmp_filters as $tmp) {
 				$app->db->datalogDelete('mail_user_filter', 'filter_id', $tmp["filter_id"]);
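Review bot: The result of the first lookup is used unchecked: `$tmp_user["id"]` is passed to `datalogDelete('spamfilter_users', ...)` even when no `spamfilter_users` row matches the e-mail address, whereas the second query's result is guarded with `is_array()`. What `queryOneRecord` returns on no match is not visible here, but guarding the call the same way avoids issuing a datalog delete with an empty id: `if(is_array($tmp_user) && isset($tmp_user["id"])) $app->db->datalogDelete('spamfilter_users', 'id', $tmp_user["id"]);`. The context line `global $app; $conf;` declares only `$app` as global and leaves `$conf;` as a no-op statement; it presumably should read `global $app, $conf;`. The subject line does not mention the switch from string-built SQL to `?` placeholders, so this injection hardening will be hard to find in history; a subject that names it would help. The body of `onBeforeDelete()` continues past the end of the hunk.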

--
Gitblit v1.9.1