From 7ee336c7ccb5f8d35b8eb05cf5e812a42154cbc2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Wed, 15 Apr 2015 09:19:30 -0400
Subject: [PATCH] - ported some patches
---
interface/lib/classes/validate_client.inc.php | 18 +++++++++++-------
1 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/interface/lib/classes/validate_client.inc.php b/interface/lib/classes/validate_client.inc.php
index 198701b..468a022 100644
--- a/interface/lib/classes/validate_client.inc.php
+++ b/interface/lib/classes/validate_client.inc.php
@@ -43,7 +43,7 @@
}
if($client_id == 0) {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."'");
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ?", $field_value);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -53,7 +53,7 @@
}
}
} else {
- $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = '".$app->db->quote($field_value)."' AND client_id != ".$app->functions->intval($client_id));
+ $num_rec = $app->db->queryOneRecord("SELECT count(*) as number FROM sys_user WHERE username = ? AND client_id != ?", $field_value, $client_id);
if($num_rec["number"] > 0) {
$errmsg = $validator['errmsg'];
if(isset($app->tform->wordbook[$errmsg])) {
@@ -108,20 +108,24 @@
switch ($field_name)
{
case 'web_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM web_domain INNER JOIN sys_user ON web_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'dns_servers':
- $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT id FROM dns_rr INNER JOIN sys_user ON dns_rr.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'db_servers':
- $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT database_id FROM web_database INNER JOIN sys_user ON web_database.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
case 'mail_servers':
- $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ' . $client_id . ' AND server_id NOT IN (' . implode(', ', $field_value) . ');');
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM mail_domain INNER JOIN sys_user ON mail_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
break;
+
+ case 'xmpp_servers':
+ $used_servers = $app->db->queryAllRecords('SELECT domain_id FROM xmpp_domain INNER JOIN sys_user ON xmpp_domain.sys_userid = sys_user.userid WHERE client_id = ? AND server_id NOT IN ?', $client_id, $field_value);
+ break;
}
if ($used_servers === null || count($used_servers))
@@ -147,7 +151,7 @@
}
// check if country is member of EU
- $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = '".$country."'");
+ $country_details = $app->db->queryOneRecord("SELECT * FROM country WHERE iso = ?", $country);
if($country_details['eu'] == 'y' && $vatid != ''){
$vatid = preg_replace('/\s+/', '', $vatid);
--
Gitblit v1.9.1