From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/mods-available/remoteaction_core_module.inc.php |   14 ++++----------
 1 files changed, 4 insertions(+), 10 deletions(-)

diff --git a/server/mods-available/remoteaction_core_module.inc.php b/server/mods-available/remoteaction_core_module.inc.php
index 0864953..807de50 100644
--- a/server/mods-available/remoteaction_core_module.inc.php
+++ b/server/mods-available/remoteaction_core_module.inc.php
@@ -62,10 +62,8 @@
 		 * First set the state
 		 */
 		global $app;
-		$sql = "UPDATE sys_remoteaction " .
-			"SET action_state = '" . $app->dbmaster->quote($state) . "' " .
-			"WHERE action_id = " . intval($id);
-		$app->dbmaster->query($sql);
+		$sql = "UPDATE sys_remoteaction SET action_state = ? WHERE action_id = ?";
+		$app->dbmaster->query($sql, $state, $id);
 
 		/*
 		 * Then save the maxid for the next time...
@@ -103,12 +101,8 @@
 		/*
 		 * Get all actions this server should execute
 		*/
-		$sql = "SELECT action_id, action_type, action_param " .
-			"FROM sys_remoteaction " .
-			"WHERE server_id = " . $server_id . " ".
-			" AND  action_id > " . intval($maxid_remote_action) . " ".
-			"ORDER BY action_id";
-		$actions = $app->dbmaster->queryAllRecords($sql);
+		$sql = "SELECT action_id, action_type, action_param FROM sys_remoteaction WHERE server_id = ? AND action_id > ? ORDER BY action_id";
+		$actions = $app->dbmaster->queryAllRecords($sql, $server_id, $maxid_remote_action);
 
 		/*
 		 * process all actions

--
Gitblit v1.9.1