From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/lib/app.inc.php |   15 +++++++--------
 1 files changed, 7 insertions(+), 8 deletions(-)

diff --git a/server/lib/app.inc.php b/server/lib/app.inc.php
index a9d47a5..dd8be5a 100755
--- a/server/lib/app.inc.php
+++ b/server/lib/app.inc.php
@@ -51,7 +51,7 @@
 					*/
 
 			if($conf['dbmaster_host'] != '' && ($conf['dbmaster_host'] != $conf['db_host'] || ($conf['dbmaster_host'] == $conf['db_host'] && $conf['dbmaster_database'] != $conf['db_database']))) {
-				$this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database']);
+				$this->dbmaster = new db($conf['dbmaster_host'], $conf['dbmaster_user'], $conf['dbmaster_password'], $conf['dbmaster_database'], $conf['dbmaster_port']);
 			} else {
 				$this->dbmaster = $this->db;
 			}
@@ -151,19 +151,18 @@
 			if(isset($this->dbmaster)) {
 				$server_id = $conf['server_id'];
 				$loglevel = $priority;
-				$tstamp = time();
-				$message = $this->dbmaster->quote($msg);
+				$message = $msg;
 				$datalog_id = (isset($this->modules->current_datalog_id) && $this->modules->current_datalog_id > 0)?$this->modules->current_datalog_id:0;
 				if($datalog_id > 0) {
-					$tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = $datalog_id AND loglevel = ".LOGLEVEL_ERROR);
+					$tmp_rec = $this->dbmaster->queryOneRecord("SELECT count(syslog_id) as number FROM sys_log WHERE datalog_id = ? AND loglevel = ?", $datalog_id, LOGLEVEL_ERROR);
 					//* Do not insert duplicate errors into the web log.
 					if($tmp_rec['number'] == 0) {
-						$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',$datalog_id,'$loglevel','$tstamp','$message')";
-						$this->dbmaster->query($sql);
+						$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, ?, ?, UNIX_TIMESTAMP(), ?)";
+						$this->dbmaster->query($sql, $server_id, $datalog_id, $loglevel, $message);
 					}
 				} else {
-					$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES ('$server_id',0,'$loglevel','$tstamp','$message')";
-					$this->dbmaster->query($sql);
+					$sql = "INSERT INTO sys_log (server_id,datalog_id,loglevel,tstamp,message) VALUES (?, 0, ?, UNIX_TIMESTAMP(), ?)";
+					$this->dbmaster->query($sql, $server_id, $loglevel, $message);
 				}
 			}
 

--
Gitblit v1.9.1