From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/sites/aps_install_package.php |    7 +++----
 1 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/interface/web/sites/aps_install_package.php b/interface/web/sites/aps_install_package.php
index 5d62322..05e4e9e 100644
--- a/interface/web/sites/aps_install_package.php
+++ b/interface/web/sites/aps_install_package.php
@@ -62,7 +62,7 @@
 
 $adminflag = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 $gui = new ApsGUIController($app);
-$pkg_id = (isset($_GET['id'])) ? $app->db->quote($_GET['id']) : '';
+$pkg_id = (isset($_GET['id'])) ? $_GET['id'] : '';
 
 // Check if a newer version is available for the current package
 // Note: It's intended that here is no strict ID check (see below)
@@ -85,9 +85,8 @@
 // Get domain list
 $domains = array();
 $domain_for_user = '';
-if(!$adminflag) $domain_for_user = "AND (sys_userid = '".$app->db->quote($_SESSION['s']['user']['userid'])."'
-    OR sys_groupid = '".$app->db->quote($_SESSION['s']['user']['default_group'])."' )";
-$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain;");
+if(!$adminflag) $domain_for_user = "AND (sys_userid = ? OR sys_groupid = ?)";
+$domains_assoc = $app->db->queryAllRecords("SELECT domain FROM web_domain WHERE document_root != '' AND (type = 'vhost' OR type = 'vhostsubdomain' OR type = 'vhostalias') AND active = 'y' ".$domain_for_user." ORDER BY domain", $_SESSION['s']['user']['userid'], $_SESSION['s']['user']['default_group']);
 if(!empty($domains_assoc)) foreach($domains_assoc as $domain) $domains[] = $domain['domain'];
 
 	// If data has been submitted, validate it

--
Gitblit v1.9.1