From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty
---
 interface/web/sites/aps_do_operation.php | 37 ++++++-------------------------------
 1 files changed, 6 insertions(+), 31 deletions(-)
diff --git a/interface/web/sites/aps_do_operation.php b/interface/web/sites/aps_do_operation.php
index b4d9493..ff0705f 100644
--- a/interface/web/sites/aps_do_operation.php
+++ b/interface/web/sites/aps_do_operation.php
@@ -50,15 +50,15 @@
 if(!$gui->isValidPackageID($_GET['id'], true)) die($app->lng('Invalid ID'));
 // Change the existing status to the opposite
- $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $get_status = $app->db->queryOneRecord("SELECT package_status FROM aps_packages WHERE id = ?", $_GET['id']);
 if($get_status['package_status'] == strval(PACKAGE_LOCKED))
 {
- $app->db->query("UPDATE aps_packages SET package_status = ".PACKAGE_ENABLED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_ENABLED, $_GET['id']);
 echo '<div class="swap" id="ir-Yes"><span>'.$app->lng('Yes').'</span></div>';
 }
 else
 {
- $app->db->query("UPDATE aps_packages SET Package_status = ".PACKAGE_LOCKED." WHERE id = '".$app->functions->intval($_GET['id'])."';");
+ $app->db->query("UPDATE aps_packages SET Package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);
 echo '<div class="swap" id="ir-No"><span>'.$app->lng('No').'</span></div>';
 }
 }
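Review bot: The package lock/unlock toggle in this hunk is a state-changing write driven entirely by `$_GET['action']` and `$_GET['id']`, and no CSRF token check is visible before the two `UPDATE aps_packages` statements; unless a token is verified in the enclosing branch (which starts before this hunk) or by a global filter, an admin who merely loads an attacker-controlled page can have a package locked or unlocked. Switching to bound `?` parameters closes the injection surface, but request forgery is a separate control, so a token check equivalent to what the interface's forms use should guard this branch, or the action should be moved to POST. As a point of style, the second branch writes `Package_status` while the first writes `package_status`; the case only works because MySQL column names are case-insensitive, so `$app->db->query("UPDATE aps_packages SET package_status = ? WHERE id = ?", PACKAGE_LOCKED, $_GET['id']);` keeps both statements consistent.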
@@ -69,7 +69,7 @@
 $is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
 if(!$is_admin)
 {
- $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
+ $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = ?", $_SESSION['s']['user']['username']);
 $client_id = $cid['client_id'];
 }
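Review bot: The new `queryOneRecord` call is fine, but the line after it reads `$cid['client_id']` without checking that a row came back, so a non-admin session whose username has no `client` row yields a null `$client_id` instead of a real client id; whether that fails closed depends on how the ownership check that presumably follows treats a null client id, which is outside this hunk. A guard that rejects the request, `if(!$cid) die($app->lng('Invalid ID'));` followed by `$client_id = $app->functions->intval($cid['client_id']);`, makes the outcome explicit and keeps the id an integer. The enclosing `if($_GET['action'] == ...)` branch starts before this hunk.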
@@ -78,35 +78,10 @@
 // Only delete the instance if the status is "installed" or "flawed"
 $check = $app->db->queryOneRecord("SELECT id FROM aps_instances
- WHERE id = ".$app->db->quote($_GET['id'])." AND
- (instance_status = ".INSTANCE_SUCCESS." OR instance_status = ".INSTANCE_ERROR.");");
+ WHERE id = ? AND
+ (instance_status = ? OR instance_status = ?)", $_GET['id'], INSTANCE_SUCCESS, INSTANCE_ERROR);
 if($check['id'] > 0) $gui->deleteInstance($_GET['id']);
 //echo $app->lng('Installation_remove');
- @header('Location:aps_installedpackages_list.php');
- }
-else if($_GET['action'] == 'reinstall_instance')
- {
- // Make sure a valid package ID is given (also corresponding to the calling user)
- $client_id = 0;
- $is_admin = ($_SESSION['s']['user']['typ'] == 'admin') ? true : false;
- if(!$is_admin)
- {
- $cid = $app->db->queryOneRecord("SELECT client_id FROM client WHERE username = '".$app->db->quote($_SESSION['s']['user']['username'])."';");
- $client_id = $cid['client_id'];
- }
- // Assume that the given instance belongs to the currently calling client_id. Unimportant if status is admin
- if(!$gui->isValidInstanceID($_GET['id'], $client_id, $is_admin)) die($app->lng('Invalid ID'));
-
- // We've an InstanceID, so make sure the package is not enabled and InstanceStatus is still "installed"
- $check = $app->db->queryOneRecord("SELECT aps_instances.id FROM aps_instances, aps_packages
- WHERE aps_instances.package_id = aps_packages.id
- AND aps_instances.instance_status = ".INSTANCE_SUCCESS."
- AND aps_packages.package_status = ".PACKAGE_ENABLED."
- AND aps_instances.id = ".$app->db->quote($_GET['id']).";");
- if(!$check) die('Check failed'); // normally this might not happen at all, so just die
-
- $gui->reinstallInstance($_GET['id']);
- //echo $app->lng('Installation_task');
 @header('Location:aps_installedpackages_list.php');
 }
 ?>
-- Gitblit v1.9.1
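Review bot: The status check now runs with a bound `$_GET['id']`, but the line below still hands the raw request value to `deleteInstance($_GET['id'])` rather than the id the database actually matched; passing the verified row, `if($check['id'] > 0) $gui->deleteInstance($check['id']);`, ties the destructive call to the record that passed the status check and removes any reliance on how `deleteInstance` coerces its argument. The query here verifies only instance status, not ownership, so it relies on the `isValidInstanceID` check that the removed branch shows as the pattern and that presumably precedes this hunk; that should be confirmed since the enclosing `delete_instance` branch starts before the hunk. With the `reinstall_instance` branch removed, a request carrying that action (or any unknown action) now falls off the end of the `if`/`else if` chain with no output and no redirect, so a closing `else die($app->lng('Invalid ID'));` would make the rejection explicit.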