From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/client/client_template_del.php |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/interface/web/client/client_template_del.php b/interface/web/client/client_template_del.php
index b57224f..359b5bb 100644
--- a/interface/web/client/client_template_del.php
+++ b/interface/web/client/client_template_del.php
@@ -44,7 +44,7 @@
 
 //* Check permissions for module
 $app->auth->check_module_permissions('client');
-if(!$_SESSION["s"]["user"]["typ"] == 'admin') die('Client-Templates are for Admins only.');
+if($_SESSION["s"]["user"]["typ"] != 'admin' && !$app->auth->has_clients($_SESSION['s']['user']['userid'])) die('Client-Templates are for Admins and Resellers only.');
 
 $app->uses('tpl,tform');
 $app->load('tform_actions');
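Review bot: The relaxed guard on the added `if` line now lets any user for whom `has_clients()` returns true reach this delete page, but nothing visible in this hunk ties the template being deleted to that reseller. If the form's permission handling (not shown here) does not already scope templates per owner, a reseller could remove a template that belongs to the admin or to another reseller, so the delete path should be confirmed to check record ownership before acting. The comparison also uses loose `!=`; a strict check avoids type juggling on the session value: `$_SESSION["s"]["user"]["typ"] !== 'admin'`.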
@@ -54,13 +54,13 @@
 		global $app;
 
 		// check new style
-		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ".$this->id);
+		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client_template_assigned WHERE client_template_id = ?", $this->id);
 		if($rec['number'] > 0) {
 			$app->error($app->tform->lng('template_del_aborted_txt'));
 		}
 
 		// check old style
-		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ".$this->id." OR template_additional like '%/".$this->id."/%'");
+		$rec = $app->db->queryOneRecord("SELECT count(client_id) as number FROM client WHERE template_master = ? OR template_additional like ?", $this->id, '%/".$this->id."/%');
 		if($rec['number'] > 0) {
 			$app->error($app->tform->lng('template_del_aborted_txt'));
 		}
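Review bot: The second bound value on the `template_additional like ?` line is the single-quoted literal `'%/".$this->id."/%'`, so PHP never interpolates the id and the pattern sent to the database contains the text `".$this->id."` instead of the template id. The old-style in-use check therefore no longer matches on `template_additional`, and a template still referenced there can be deleted without hitting the `template_del_aborted_txt` error. Build the pattern by concatenation instead: `'%/' . $this->id . '/%'`. The enclosing method starts and ends outside this hunk.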

--
Gitblit v1.9.1