From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/admin/software_update_list.php |   22 +++++++++++++---------
 1 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/interface/web/admin/software_update_list.php b/interface/web/admin/software_update_list.php
index e813ded..c987e9e 100644
--- a/interface/web/admin/software_update_list.php
+++ b/interface/web/admin/software_update_list.php
@@ -72,13 +72,13 @@
 						$v3 = $app->functions->intval($version_array[2]);
 						$v4 = $app->functions->intval($version_array[3]);
 
-						$package_name = $app->db->quote($u['package_name']);
+						$package_name = $u['package_name'];
 						$software_repo_id = $app->functions->intval($repo['software_repo_id']);
-						$update_url = $app->db->quote($u['url']);
-						$update_md5 = $app->db->quote($u['md5']);
-						$update_dependencies = (isset($u['dependencies']))?$app->db->quote($u['dependencies']):'';
-						$update_title = $app->db->quote($u['title']);
-						$type = $app->db->quote($u['type']);
+						$update_url = $u['url'];
+						$update_md5 = $u['md5'];
+						$update_dependencies = (isset($u['dependencies']))?$u['dependencies']:'';
+						$update_title = $u['title'];
+						$type = $u['type'];
 
 						// Check that we do not have this update in the database yet
 						$sql = "SELECT * FROM software_update WHERE package_name = ? and v1 = ? and v2 = ? and v3 = ? and v4 = ?";
@@ -101,12 +101,16 @@
 
 //* Install packages, if GET Request
 if(isset($_GET['action']) && $_GET['action'] == 'install' && $_GET['package'] != '' && $_GET['server_id'] > 0) {
-	$package_name = $app->db->quote($_GET['package']);
+	$package_name = $_GET['package'];
 	$server_id = $app->functions->intval($_GET['server_id']);
 	$software_update_id = $app->functions->intval($_GET['id']);
 
-	$insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installing')";
-	// $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$server_id', '$software_update_id','installed')";
+	$insert_data = array(
+		"package_name" => $package_name,
+		"server_id" => $server_id,
+		"software_update_id" => $software_update_id,
+		"status" => 'installing'
+	);
 	$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
 
 }

--
Gitblit v1.9.1