From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/lib/classes/cron.d/100-monitor_email_quota.inc.php |   12 +++---------
 1 files changed, 3 insertions(+), 9 deletions(-)

diff --git a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
index 5d0c7a0..75014c3 100644
--- a/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
+++ b/server/lib/classes/cron.d/100-monitor_email_quota.inc.php
@@ -75,7 +75,7 @@
 		//* The state of the email_quota.
 		$state = 'ok';
 
-		$mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = $server_id");
+		$mailboxes = $app->db->queryAllRecords("SELECT email,maildir FROM mail_user WHERE server_id = ?", $server_id);
 		if(is_array($mailboxes)) {
 
 			//* with dovecot we can use doveadm instead of 'du -s'
@@ -134,14 +134,8 @@
          * Insert the data into the database
          */
 		$sql = 'REPLACE INTO monitor_data (server_id, type, created, data, state) ' .
-			'VALUES (' .
-			$res['server_id'] . ', ' .
-			"'" . $app->dbmaster->quote($res['type']) . "', " .
-			'UNIX_TIMESTAMP(), ' .
-			"'" . $app->dbmaster->quote(serialize($res['data'])) . "', " .
-			"'" . $res['state'] . "'" .
-			')';
-		$app->dbmaster->query($sql);
+			'VALUES (?, ?, UNIX_TIMESTAMP(), ?, ?)';
+		$app->dbmaster->query($sql, $res['server_id'], $res['type'], serialize($res['data']), $res['state']);
 
 		/* The new data is written, now we can delete the old one */
 		$this->_tools->delOldRecords($res['type'], $res['server_id']);

--
Gitblit v1.9.1