From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/lib/classes/cron.d/600-cleanup.inc.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/lib/classes/cron.d/600-cleanup.inc.php b/server/lib/classes/cron.d/600-cleanup.inc.php
index 8222fe5..e55c259 100644
--- a/server/lib/classes/cron.d/600-cleanup.inc.php
+++ b/server/lib/classes/cron.d/600-cleanup.inc.php
@@ -58,8 +58,8 @@
 			$records = $app->db->queryAllRecords("SELECT s.instance_id, s.name, s.value FROM `aps_instances_settings` as s INNER JOIN `aps_instances` as i ON (i.id = s.instance_id) WHERE s.value != '' AND s.name IN ('main_database_password', 'admin_password') AND i.instance_status > 1");
 			if(is_array($records)) {
 				foreach($records as $rec) {
-					$tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = '".$app->db->quote($rec['instance_id'])."' AND name = '".$app->db->quote($rec['name'])."'");
-					$app->db->datalogUpdate('aps_instances_settings', "value = ''", 'id', $tmp['id']);
+					$tmp = $app->db->queryOneRecord("SELECT id FROM aps_instances_settings WHERE instance_id = ? AND name = ?", $rec['instance_id'], $rec['name']);
+					$app->db->datalogUpdate('aps_instances_settings', array("value" => ''), 'id', $tmp['id']);
 				}
 			}
 		}

--
Gitblit v1.9.1