From 604c0c24ba44720e052b536abb1ae992eb0ee292 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Tue, 19 Nov 2013 08:50:24 -0500
Subject: [PATCH] Code review.

---
 interface/web/admin/software_package_list.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/web/admin/software_package_list.php b/interface/web/admin/software_package_list.php
index e05ccc9..489b6fb 100644
--- a/interface/web/admin/software_package_list.php
+++ b/interface/web/admin/software_package_list.php
@@ -49,7 +49,7 @@
 		if(is_array($packages)) {
 			foreach($packages as $p) {
 				$package_name = $app->db->quote($p['name']);
-				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '$package_name'");
+				$tmp = $app->db->queryOneRecord("SELECT package_id FROM software_package WHERE package_name = '".$app->db->quote($package_name)."'");
 
 				$package_title = $app->db->quote($p['title']);
 				$package_description = $app->db->quote($p['description']);
@@ -150,7 +150,7 @@
 	foreach($packages as $key => $p) {
 		$installed_txt = '';
 		foreach($servers as $s) {
-			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".addslashes($p["package_name"])."' AND server_id = '".$s["server_id"]."'");
+			$inst = $app->db->queryOneRecord("SELECT * FROM software_update, software_update_inst WHERE software_update_inst.software_update_id = software_update.software_update_id AND software_update_inst.package_name = '".$app->db->quote($p["package_name"])."' AND server_id = '".$app->functions->intval($s["server_id"])."'");
 			$version = $inst['v1'].'.'.$inst['v2'].'.'.$inst['v3'].'.'.$inst['v4'];
 
 			if($inst['status'] == 'installed') {

--
Gitblit v1.9.1