From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/remote/monitor.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/remote/monitor.php b/interface/web/remote/monitor.php
index 9cc0084..132bcf2 100644
--- a/interface/web/remote/monitor.php
+++ b/interface/web/remote/monitor.php
@@ -30,7 +30,7 @@
 		$sql = 'SELECT server_id, server_name FROM server WHERE 1 ORDER BY server_id';
 		$records = $app->db->queryAllRecords($sql);
 		foreach($records as $index => $rec) {
-			$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = " . $rec['server_id'] . " AND state NOT IN ('ok', 'no_state', 'info')");
+			$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE server_id = ? AND state NOT IN ('ok', 'no_state', 'info')", $rec['server_id']);
 			if($rec) $records[$index]['state'] = 'warn';
 			else $records[$index]['state'] = 'ok';
 		}
@@ -38,7 +38,7 @@
 		$out['data'] = $records;
 		$out['time'] = date('Y-m-d H:i', $rec['created']);
 	} else {
-		$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = '$type' AND server_id = $server_id");
+		$rec = $app->db->queryOneRecord("SELECT * FROM monitor_data WHERE type = ? AND server_id = ?", $type, $server_id);
 		if(is_array($rec)) {
 			$out['state'] = $rec['state'];
 			$out['data'] = unserialize(stripslashes($rec['data']));

--
Gitblit v1.9.1