From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- server/plugins-available/postfix_filter_plugin.inc.php | 8 ++++---- 1 files changed, 4 insertions(+), 4 deletions(-) diff --git a/server/plugins-available/postfix_filter_plugin.inc.php b/server/plugins-available/postfix_filter_plugin.inc.php index 867df25..9c97ff1 100644 --- a/server/plugins-available/postfix_filter_plugin.inc.php +++ b/server/plugins-available/postfix_filter_plugin.inc.php @@ -80,8 +80,8 @@ $type = $data["new"]["type"]; if($type != '') { - $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'"; - $rules = $app->db->queryAllRecords($sql); + $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ?' AND active = 'y'"; + $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type); $content = ''; foreach($rules as $rule) { $content .= $rule["pattern"]; @@ -111,8 +111,8 @@ $type = $data["old"]["type"]; if($type != '') { - $sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'"; - $rules = $app->db->queryAllRecords($sql); + $sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'"; + $rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type); $content = ''; foreach($rules as $rule) { $content .= $rule["pattern"]; -- Gitblit v1.9.1