From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/mailuser/index.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/interface/web/mailuser/index.php b/interface/web/mailuser/index.php
index 05f150b..b7748ac 100644
--- a/interface/web/mailuser/index.php
+++ b/interface/web/mailuser/index.php
@@ -17,8 +17,8 @@
 include $lng_file;
 $app->tpl->setVar($wb);
 
-$sql = "SELECT * FROM mail_user WHERE mailuser_id = ".$_SESSION['s']['user']['mailuser_id'];
-$rec = $app->db->queryOneRecord($sql);
+$sql = "SELECT * FROM mail_user WHERE mailuser_id = ?";
+$rec = $app->db->queryOneRecord($sql, $_SESSION['s']['user']['mailuser_id']);
 
 if($rec['quota'] == 0) {
 	$rec['quota'] = $wb['unlimited_txt'];
@@ -30,8 +30,8 @@
 
 $app->tpl->setVar($rec);
 
-$sql2 = "SELECT * FROM server WHERE server_id = ".$rec['server_id'];
-$rec2 = $app->db->queryOneRecord($sql2);
+$sql2 = "SELECT * FROM server WHERE server_id = ?";
+$rec2 = $app->db->queryOneRecord($sql2, $rec['server_id']);
 
 $app->tpl->setVar($rec2);
 

--
Gitblit v1.9.1