From 6b1fde7e9a450ae8e4835f7e8c2ba1f398e78c1f Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 04:14:10 -0400
Subject: [PATCH] Merge remote-tracking branch 'ispc/master'

---
 interface/web/client/client_message.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/interface/web/client/client_message.php b/interface/web/client/client_message.php
index 5707e88..0e3bd2e 100644
--- a/interface/web/client/client_message.php
+++ b/interface/web/client/client_message.php
@@ -60,7 +60,7 @@
 	//* Send message
 	if($error == '') {
 		if($app->functions->intval($_POST['recipient']) > 0){
-			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ".$app->functions->intval($_POST['recipient'])." AND ".$app->tform->getAuthSQL('r'));
+			$circle = $app->db->queryOneRecord("SELECT client_ids FROM client_circle WHERE active = 'y' AND circle_id = ? AND ".$app->tform->getAuthSQL('r'), $_POST['recipient']);
 			if(isset($circle['client_ids']) && $circle['client_ids'] != ''){
 				$tmp_client_ids = explode(',', $circle['client_ids']);
 				$where = array();
@@ -120,8 +120,8 @@
 	if($_SESSION["s"]["user"]["typ"] != 'admin'){
 		$client_id = $app->functions->intval($_SESSION['s']['user']['client_id']);
 		if($client_id > 0){
-			$sql = "SELECT email FROM client WHERE client_id = ".$client_id;
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT email FROM client WHERE client_id = ?";
+			$client = $app->db->queryOneRecord($sql, $client_id);
 			if($client['email'] != '') $app->tpl->setVar('sender', $client['email']);
 		}
 	}

--
Gitblit v1.9.1