From 35509d5644f23eb109bf41b496de730d24103da3 Mon Sep 17 00:00:00 2001
From: Till Brehm <tbrehm@ispconfig.org>
Date: Mon, 18 Nov 2013 15:30:13 -0500
Subject: [PATCH] Better variable quoting in sql queries.
---
interface/lib/classes/validate_client.inc.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index 6bd0015..c6f2dcb 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -53,7 +53,7 @@
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$client_id);
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
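Review bot: The integer coercion on the added line closes injection through `$client_id`, but it is applied inline at this one use, so any other query in this function that reads `$client_id` would still get the raw value (the function body starts and ends outside the hunk). Normalising once before the query, `$client_id = $app->functions->intval($client_id);`, keeps every later use covered and makes the SQL string easier to audit. The `username` operand still depends on `quote()` being paired with the hand-written single quotes around it; a short comment such as `// client_id is forced to int; username is escaped by quote() and must stay inside the quotes` would record that for the next editor. If `intval()` returns 0 for non-numeric input (presumably, the helper is not shown here), the check then counts every row with that username and fails closed, which is the safe direction.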
--
Gitblit v1.9.1