From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/mail/webmailer.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/mail/webmailer.php b/interface/web/mail/webmailer.php
index 3a10c0f..d6f73cc 100644
--- a/interface/web/mail/webmailer.php
+++ b/interface/web/mail/webmailer.php
@@ -43,13 +43,13 @@
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = " . $emailId);
+$dbData = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE mailuser_id = ?", $emailId);
 $serverId = $app->functions->intval($dbData['server_id']);
 if ($serverId == 0){
 	die ("No E-Mail - Server found!");
 }
 
-$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ".$serverId);
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
 
 $app->uses('getconf');
 $global_config = $app->getconf->get_global_config('mail');

--
Gitblit v1.9.1