From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/plugins-available/postfix_filter_plugin.inc.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/plugins-available/postfix_filter_plugin.inc.php b/server/plugins-available/postfix_filter_plugin.inc.php
index 867df25..9c97ff1 100644
--- a/server/plugins-available/postfix_filter_plugin.inc.php
+++ b/server/plugins-available/postfix_filter_plugin.inc.php
@@ -80,8 +80,8 @@
 
 		$type = $data["new"]["type"];
 		if($type != '') {
-			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
-			$rules = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ?' AND active = 'y'";
+			$rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
 			$content = '';
 			foreach($rules as $rule) {
 				$content .= $rule["pattern"];
@@ -111,8 +111,8 @@
 
 		$type = $data["old"]["type"];
 		if($type != '') {
-			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ".intval($conf["server_id"])." AND type = '".$app->db->quote($type)."' AND active = 'y'";
-			$rules = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_content_filter WHERE server_id = ? AND type = ? AND active = 'y'";
+			$rules = $app->db->queryAllRecords($sql, $conf["server_id"], $type);
 			$content = '';
 			foreach($rules as $rule) {
 				$content .= $rule["pattern"];

--
Gitblit v1.9.1