From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/sites/aps_do_operation.php | 12 ++++++------ 1 files changed, 6 insertions(+), 6 deletions(-) diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php index ffc8c03..ff0705f 100644 --- a/interface/web/sites/aps_do_operation.php +++ b/interface/web/sites/aps_do_operation.php @@ -50,15 +50,15 @@ if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID')); // Change the existing status to the opposite - $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';"); + $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']); if($get_status['package_status'] == strval(PACKAGE_LOCKED)) { - $app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';"); + $app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']); echo '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>'; } else { - $app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';"); + $app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']); echo '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>'; } } @@ -69,7 +69,7 @@ $is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false; if(!$is_admin) { - $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';"); + $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']); $client_id = $cid['client_id']; } @@ -78,8 +78,8 @@ // Only delete the instance if the status is "installed" or "flawed" $check = $app->db->queryOneRecord("SELECT id FROM aps_instances - WHERE id = ".$app->db->quote($_GET['id'])." AND - (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");"); + WHERE id = ? AND + (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR); if($check['id'] > 0) $gui->deleteInstance($_GET['id']); //echo $app->lng('Installation_remove'); @header('Location:aps_installedpackages_list.php'); -- Gitblit v1.9.1