From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 interface/web/sites/database_phpmyadmin.php |   30 ++++++++++++++----------------
 1 files changed, 14 insertions(+), 16 deletions(-)

diff --git a/interface/web/sites/database_phpmyadmin.php b/interface/web/sites/database_phpmyadmin.php
index 0bd379d..481b4ea 100644
--- a/interface/web/sites/database_phpmyadmin.php
+++ b/interface/web/sites/database_phpmyadmin.php
@@ -28,8 +28,8 @@
 */
 
 
-require_once('../../lib/config.inc.php');
-require_once('../../lib/app.inc.php');
+require_once '../../lib/config.inc.php';
+require_once '../../lib/app.inc.php';
 
 //* Check permissions for module
 $app->auth->check_module_permissions('sites');
@@ -38,41 +38,39 @@
  *  get the id of the database (must be int!)
  */
 if (!isset($_GET['id'])){
-    die ("No DB selected!");
+	die ("No DB selected!");
 }
 $databaseId = $app->functions->intval($_GET['id']);
 
 /*
  * Get the data to connect to the database
  */
-$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = " . $databaseId);
+$dbData = $app->db->queryOneRecord("SELECT server_id, database_name FROM web_database WHERE database_id = ?", $databaseId);
 $serverId = $app->functions->intval($dbData['server_id']);
 if ($serverId == 0){
-    die ("No DB-Server found!");
+	die ("No DB-Server found!");
 }
-$serverData = $app->db->queryOneRecord(
-    "SELECT server_name FROM server WHERE server_id = " .
-    $serverId);
-	
+$serverData = $app->db->queryOneRecord("SELECT server_name FROM server WHERE server_id = ?", $serverId);
+
 $app->uses('getconf');
 $global_config = $app->getconf->get_global_config('sites');
-$web_config = $app->getconf->get_server_config($serverId,'web');
+$web_config = $app->getconf->get_server_config($serverId, 'web');
 
 /*
  * We only redirect to the login-form, so there is no need, to check any rights
  */
- 
+
 if($global_config['phpmyadmin_url'] != '') {
 	$phpmyadmin_url = $global_config['phpmyadmin_url'];
-	$phpmyadmin_url = str_replace(array('[SERVERNAME]', '[DATABASENAME]'),array($serverData['server_name'], $dbData['database_name']),$phpmyadmin_url);
-	header('Location:'.$phpmyadmin_url);
+	$phpmyadmin_url = str_replace(array('[SERVERNAME]', '[DATABASENAME]'), array($serverData['server_name'], $dbData['database_name']), $phpmyadmin_url);
+	header('Location: '.$phpmyadmin_url);
 } else {
 	isset($_SERVER['HTTPS'])? $http = 'https' : $http = 'http';
 	if($web_config['server_type'] == 'nginx') {
-		header('location:' . $http . '://' . $serverData['server_name'] . ':8081/phpmyadmin');
+		header('Location: http://' . $serverData['server_name'] . ':8081/phpmyadmin');
 	} else {
-		header('location:' . $http . '://' . $serverData['server_name'] . '/phpmyadmin');
+		header('Location: ' . $http . '://' . $serverData['server_name'] . '/phpmyadmin');
 	}
 }
 exit;
-?>
\ No newline at end of file
+?>
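Review bot: The nginx branch's new `header('Location: http://' ...)` line hard-codes plain `http` while the Apache branch still uses `$http`, so a user who reached the panel over HTTPS is redirected to a cleartext phpMyAdmin login on port 8081 and would submit database credentials unencrypted. If the 8081 vhost can serve TLS, keep the detected scheme: `header('Location: ' . $http . '://' . $serverData['server_name'] . ':8081/phpmyadmin');`. If it cannot, the scheme should presumably come from server configuration rather than a literal, with a comment saying why. Separately, the lookup by `$_GET['id']` is guarded only by `check_module_permissions('sites')` and the in-file comment says no rights are checked, so any user with that module can resolve another client's `server_name` and, through the `[DATABASENAME]` placeholder, `database_name`. A per-record ownership check before the redirect would close that, and `rawurlencode()` on the substituted values would keep them from altering the target URL.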

--
Gitblit v1.9.1