From 6b1fde7e9a450ae8e4835f7e8c2ba1f398e78c1f Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 21 May 2015 04:14:10 -0400
Subject: [PATCH] Merge remote-tracking branch 'ispc/master'

---
 interface/lib/classes/remote.d/admin.inc.php |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/interface/lib/classes/remote.d/admin.inc.php b/interface/lib/classes/remote.d/admin.inc.php
index ba966fe..2541ca5 100644
--- a/interface/lib/classes/remote.d/admin.inc.php
+++ b/interface/lib/classes/remote.d/admin.inc.php
@@ -60,7 +60,7 @@
 			switch($key) {
 				case 'sys_userid':
 					// check if userid is valid
-					$check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ' . $app->functions->intval($value));
+					$check = $app->db->queryOneRecord('SELECT userid FROM sys_user WHERE userid = ?', $app->functions->intval($value));
 					if(!$check || !$check['userid']) {
 						$this->server->fault('invalid parameters', $value . ' is no valid sys_userid.');
 						return false;
@@ -69,7 +69,7 @@
 					break;
 				case 'sys_groupid':
 					// check if groupid is valid
-					$check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ' . $app->functions->intval($value));
+					$check = $app->db->queryOneRecord('SELECT groupid FROM sys_group WHERE groupid = ?', $app->functions->intval($value));
 					if(!$check || !$check['groupid']) {
 						$this->server->fault('invalid parameters', $value . ' is no valid sys_groupid.');
 						return false;

--
Gitblit v1.9.1