From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/sites/aps_install_package.php | 7 +++---- 1 files changed, 3 insertions(+), 4 deletions(-) diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php index 5d62322..05e4e9e 100644 --- a/interface/web/sites/aps_install_package.php +++ b/interface/web/sites/aps_install_package.php @@ -62,7 +62,7 @@ $adminflag = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false; $gui = new ApsGUIController($app); -$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : ''; +$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : ''; // Check if a newer version is available for the current package // Note: It's intended that here is no strict ID check (see below) @@ -85,9 +85,8 @@ // Get domain list $domains = array(); $domain_for_user = ''; -if(!$adminflag) $domain_for_user = "AND (sys_userid = '".$app->db->quote($_SESSION['s']['user']['userid'])."' - OR sys_groupid = '".$app->db->quote($_SESSION['s']['user']['default_group'])."' )"; -$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain;"); +if(!$adminflag) $domain_for_user = "AND (sys_userid = ? OR sys_groupid = ?)"; +$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain", $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']); if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $domain['domain']; // If data has been submitted, validate it -- Gitblit v1.9.1