From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/sites/aps_do_operation.php |   12 ++++++------
 1 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php
index ffc8c03..ff0705f 100644
--- a/interface/web/sites/aps_do_operation.php
+++ b/interface/web/sites/aps_do_operation.php
@@ -50,15 +50,15 @@
 	if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID'));
 
 	// Change the existing status to the opposite
-	$get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';");
+	$get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']);
 	if($get_status['package_status'] == strval(PACKAGE_LOCKED))
 	{
-		$app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+		$app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']);
 		echo '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>';
 	}
 	else
 	{
-		$app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+		$app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);
 		echo '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>';
 	}
 }
@@ -69,7 +69,7 @@
 		$is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 		if(!$is_admin)
 		{
-			$cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
+			$cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
 			$client_id = $cid['client_id'];
 		}
 
@@ -78,8 +78,8 @@
 
 		// Only delete the instance if the status is "installed" or "flawed"
 		$check = $app->db->queryOneRecord("SELECT id FROM aps_instances
-        WHERE id = ".$app->db->quote($_GET['id'])." AND
-        (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");");
+        WHERE id = ? AND
+        (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR);
 		if($check['id'] > 0) $gui->deleteInstance($_GET['id']);
 		//echo $app->lng('Installation_remove');
 		@header('Location:aps_installedpackages_list.php');

--
Gitblit v1.9.1