From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty
---
 interface/web/admin/software_package_install.php | 19 ++++++++++++-------
 1 files changed, 12 insertions(+), 7 deletions(-)
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index 80e1fe6..ccbfd73 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -38,9 +38,9 @@
 //* This is only allowed for administrators
 if(!$app->auth->is_admin()) die('only allowed for administrators.');
-$package_name = $app->db->quote($_REQUEST['package']);
+$package_name = $_REQUEST['package'];
 $install_server_id = $app->functions->intval($_REQUEST['server_id']);
-$install_key = $app->db->quote(trim($_REQUEST['install_key']));
+$install_key = trim($_REQUEST['install_key']);
 $package = $app->db->queryOneRecord("SELECT * FROM software_package WHERE package_name = ?", $package_name);
@@ -63,7 +63,7 @@
 $message_err = 'Verification of the key failed.';
 } else {
 // Store the verified key into the database
- $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_key" => $install_key), 'package_id', $package['package_id']);
 }
 } else {
 $message_ok = 'Please enter the software key for the package.';
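Review bot: In the hunk at line 38, `$_REQUEST['package']` and `$_REQUEST['install_key']` are read with no presence or type check, so a missing key or an array value such as `package[]=x` reaches `trim()` and the bound query parameter as-is. A guard like `$package_name = (isset($_REQUEST['package']) && is_string($_REQUEST['package'])) ? $_REQUEST['package'] : '';` keeps the input a string, and the same applies to `install_key`. With `quote()` removed, both variables now hold raw request data, so any later use outside these hunks that concatenates them into SQL or echoes them into HTML needs a bound parameter or output escaping. The rest of the file is not visible here, so that should be checked before merging.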
@@ -91,7 +91,7 @@
 'database_host' => 'localhost');
 $package_config_str = $app->ini_parser->get_ini_string($package_config_array);
 $package['package_config'] = $package_config_str;
- $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
 }
 }
@@ -105,7 +105,7 @@
 if(!isset($package_config_array['remote_api'])) {
 $remote_user = 'ispapp'.$package['package_id'];
 $remote_password = md5(mt_rand());
- $remote_functions = $app->db->quote($package['package_remote_functions']);
+ $remote_functions = $package['package_remote_functions'];
 $package_config_array['remote_api'] = array(
 'remote_hostname' => $_SERVER['HTTP_HOST'],
@@ -116,7 +116,7 @@
 $package_config_str = $app->ini_parser->get_ini_string($package_config_array);
 $package['package_config'] = $package_config_str;
 $remote_password_md5 = md5($remote_password);
- $app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', array("package_config" => $package_config_str), 'package_id', $package['package_id']);
 $sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES (1, 1, 'riud', 'riud', '', ?, ?, ?)";
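Review bot: The remote API password in the hunk at line 105 is still generated with `md5(mt_rand())`, and `mt_rand()` is a non-cryptographic generator that yields only about 2^31 distinct values, so the credential is far weaker than its 32 hex characters suggest. A CSPRNG source such as `$remote_password = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` where the runtime provides it) would fix this without changing the format. In the same hunk `remote_hostname` is taken from `$_SERVER['HTTP_HOST']`, a client-supplied header, and written into the stored package config; a configured server name would be safer. The `if` block continues outside the hunk.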
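Review bot: In the hunk at line 116, `$remote_password_md5 = md5($remote_password);` produces an unsalted MD5 digest that is presumably the value bound to `remote_password` in the `INSERT` that follows. If so, that digest is what protects a `remote_user` row with `riud` permissions. Moving to `password_hash()` / `password_verify()` would need a matching change in the remote login check, which is outside this diff, so at minimum add a comment here such as `// TODO: remote_user still stores unsalted md5; migrate together with the remoting login check`. The statement that executes `$sql` is not visible in the hunk.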
@@ -127,7 +127,12 @@
 }
 //* Add the record to start the install process
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
+ $insert_data = array(
+ "package_name" => $package_name,
+ "server_id" => $install_server_id,
+ "software_update_id" => $software_update_id,
+ "status" => 'installing'
+ );
 $app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 $message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"ISPConfig.submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";
-- Gitblit v1.9.1
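Review bot: The insert in the hunk at line 127 starts a package installation from values read out of `$_REQUEST`, and none of the hunks in this file shows a CSRF token check or a restriction to POST. The `is_admin()` check alone may therefore leave the action triggerable by a cross-site request against a logged-in administrator. If the code outside these hunks does not already verify a token, add that check before `datalogInsert` and read the parameters from `$_POST` instead. `$install_server_id` is only passed through `intval()`, and no check that it is a positive id of an existing server is visible here. The origin of `$software_update_id` is also outside the hunk.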