From cedad166fa7655b0a49e7e27c57bbee78032fbe7 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Thu, 24 Sep 2015 07:47:39 -0400
Subject: [PATCH] Merge branch 'master' into 'master'
---
interface/lib/classes/remoting_lib.inc.php | 29 +++++++++++++++--------------
1 files changed, 15 insertions(+), 14 deletions(-)
diff --git a/interface/lib/classes/remoting_lib.inc.php b/interface/lib/classes/remoting_lib.inc.php
index af0143f..1299080 100644
--- a/interface/lib/classes/remoting_lib.inc.php
+++ b/interface/lib/classes/remoting_lib.inc.php
@@ -238,22 +238,23 @@
$sql_offset = 0;
$sql_limit = 0;
$sql_where = '';
+ $params = array($this->formDef['db_table']);
foreach($primary_id as $key => $val) {
- $key = $app->db->quote($key);
- $val = $app->db->quote($val);
if($key == '#OFFSET#') $sql_offset = $app->functions->intval($val);
elseif($key == '#LIMIT#') $sql_limit = $app->functions->intval($val);
elseif(stristr($val, '%')) {
- $sql_where .= "$key like '$val' AND ";
+ $sql_where .= "?? like ? AND ";
} else {
- $sql_where .= "$key = '$val' AND ";
+ $sql_where .= "?? = ? AND ";
}
+ $params[] = $key;
+ $params[] = $val;
}
$sql_where = substr($sql_where, 0, -5);
if($sql_where == '') $sql_where = '1';
$sql = "SELECT * FROM ?? WHERE ".$sql_where. " AND " . $this->getAuthSQL('r', $this->formDef['db_table']);
if($sql_offset >= 0 && $sql_limit > 0) $sql .= ' LIMIT ' . $sql_offset . ',' . $sql_limit;
- return $app->db->queryAllRecords($sql, $this->formDef['db_table']);
+ return $app->db->queryAllRecords($sql, true, $params);
} else {
$this->errorMessage = 'The ID must be either an integer or an array.';
return array();
@@ -262,12 +263,12 @@
function ispconfig_sysuser_add($params, $insert_id){
global $conf, $app, $sql1;
- $username = $app->db->quote($params["username"]);
- $password = $app->db->quote($params["password"]);
+ $username = $params["username"];
+ $password = $params["password"];
if(!isset($params['modules'])) {
$modules = $conf['interface_modules_enabled'];
} else {
- $modules = $app->db->quote($params['modules']);
+ $modules = $params['modules'];
}
if(isset($params['limit_client']) && $params['limit_client'] > 0) {
$modules .= ',client';
@@ -276,18 +277,18 @@
if(!isset($params['startmodule'])) {
$startmodule = 'dashboard';
} else {
- $startmodule = $app->db->quote($params["startmodule"]);
+ $startmodule = $params["startmodule"];
if(!preg_match('/'.$startmodule.'/', $modules)) {
$_modules = explode(',', $modules);
$startmodule=$_modules[0];
}
}
- $usertheme = $app->db->quote($params["usertheme"]);
+ $usertheme = $params["usertheme"];
$type = 'user';
$active = 1;
$insert_id = $app->functions->intval($insert_id);
- $language = $app->db->quote($params["language"]);
- $groupid = $app->db->datalogInsert('sys_group', "(name,description,client_id) VALUES ('$username','','$insert_id')", 'groupid');
+ $language = $params["language"];
+ $groupid = $app->db->datalogInsert('sys_group', array("name" => $username, "description" => "", "client_id" => $insert_id), 'groupid');
$groups = $groupid;
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($password));
$sql1 = "INSERT INTO sys_user (username,passwort,modules,startmodule,app_theme,typ,active,language,groups,default_group,client_id)
@@ -297,8 +298,8 @@
function ispconfig_sysuser_update($params, $client_id){
global $app;
- $username = $app->db->quote($params["username"]);
- $clear_password = $app->db->quote($params["password"]);
+ $username = $params["username"];
+ $clear_password = $params["password"];
$client_id = $app->functions->intval($client_id);
if(!isset($params['_ispconfig_pw_crypted']) || $params['_ispconfig_pw_crypted'] != 1) $password = $app->auth->crypt_password(stripslashes($clear_password));
else $password = $clear_password;
--
Gitblit v1.9.1