From afe87b044dc20ceb104b31213543c14b562facd7 Mon Sep 17 00:00:00 2001
From: Dominik <info@profi-webdesign.com>
Date: Sat, 25 Apr 2015 08:26:02 -0400
Subject: [PATCH] Merge branch 'reject_sender_login_mismatch' into mdbox-format

---
 interface/web/vm/openvz_action.php |   53 ++++++++++++-----------------------------------------
 1 files changed, 12 insertions(+), 41 deletions(-)

diff --git a/interface/web/vm/openvz_action.php b/interface/web/vm/openvz_action.php
index 6e090d7..757f55e 100644
--- a/interface/web/vm/openvz_action.php
+++ b/interface/web/vm/openvz_action.php
@@ -17,7 +17,7 @@
 
 if($vm_id == 0) die('Invalid VM ID');
 
-$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = $vm_id");
+$vm = $app->db->queryOneRecord("SELECT server_id, veid FROM openvz_vm WHERE vm_id = ?", $vm_id);
 $veid = $app->functions->intval($vm['veid']);
 $server_id = $app->functions->intval($vm['server_id']);
 
@@ -47,15 +47,8 @@
 
 	//* Start the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_start_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_start_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['start_exec_txt']);
 	$options['start_option_enabled'] = 'checked="checked"';
@@ -64,15 +57,8 @@
 
 	//* Stop the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_stop_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_stop_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['stop_exec_txt']);
 	$options['stop_option_enabled'] = 'checked="checked"';
@@ -81,15 +67,8 @@
 
 	//* Restart the virtual machine
 	$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-		"VALUES (".
-		(int)$server_id . ", ".
-		time() . ", ".
-		"'openvz_restart_vm', ".
-		$veid.", ".
-		"'pending', ".
-		"''".
-		")";
-	$app->db->query($sql);
+		"VALUES (?, UNIX_TIMESTAMP(), 'openvz_restart_vm', ?, 'pending', '')";
+	$app->db->query($sql, $server_id, $veid);
 
 	$app->tpl->setVar('msg', $wb['restart_exec_txt']);
 	$options['restart_option_enabled'] = 'checked="checked"';
@@ -104,30 +83,22 @@
 	}
 
 	//* Quote name
-	$ostemplate_name = $app->db->quote($ostemplate_name);
 
 	//* Check for duplicates
-	$tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = '$ostemplate_name'");
+	$tmp = $app->db->queryOneRecord("SELECT count(ostemplate_id) as number FROM openvz_ostemplate WHERE template_file = ?", $ostemplate_name);
 	if($tmp['number'] > 0) $error_msg .= $wb['ostemplate_name_unique_error'].'<br />';
 	unset($tmp);
 
 	if($error_msg == '') {
 		//* Create ostemplate action
 		$sql =  "INSERT INTO sys_remoteaction (server_id, tstamp, action_type, action_param, action_state, response) " .
-			"VALUES (".
-			(int)$server_id . ", ".
-			time() . ", ".
-			"'openvz_create_ostpl', ".
-			"'".$veid.":".$ostemplate_name."', ".
-			"'pending', ".
-			"''".
-			")";
-		$app->db->query($sql);
+			"VALUES (?, UNIX_TIMESTAMP(), 'openvz_create_ostpl', ?, 'pending', '')";
+		$app->db->query($sql, $server_id, $veid.":".$ostemplate_name);
 
 		//* Create a record in the openvz_ostemplate table
 		$sql = "INSERT INTO `openvz_ostemplate` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `template_name`, `template_file`, `server_id`, `allservers`, `active`, `description`)
-		VALUES(1, 1, 'riud', 'riud', '', '$ostemplate_name', '$ostemplate_name', $server_id, 'n', 'y', '')";
-		$app->db->query($sql);
+		VALUES(1, 1, 'riud', 'riud', '', ?, ?, ?, 'n', 'y', '')";
+		$app->db->query($sql, $ostemplate_name, $ostemplate_name, $server_id);
 
 		$app->tpl->setVar('msg', $wb['ostemplate_exec_txt']);
 		$options['ostemplate_option_enabled'] = 'checked="checked"';

--
Gitblit v1.9.1