From baf5dda4cc07aa35eb9e41dda90aee0d2cdecf23 Mon Sep 17 00:00:00 2001
From: Sergio Cambra <sergio@programatica.es>
Date: Tue, 08 Jul 2014 09:53:13 -0400
Subject: [PATCH] fix escaping in sql query

---
 interface/web/client/client_template_edit.php |   13 +++++++++++++
 1 files changed, 13 insertions(+), 0 deletions(-)

diff --git a/interface/web/client/client_template_edit.php b/interface/web/client/client_template_edit.php
index d956faf..bc5c6d2 100644
--- a/interface/web/client/client_template_edit.php
+++ b/interface/web/client/client_template_edit.php
@@ -51,6 +51,19 @@
 
 class page_action extends tform_actions {
 
+	
+	function onSubmit() {
+		global $app;
+		
+		//* Resellers shall not be able to create another reseller or set reseller specific settings
+		if($_SESSION["s"]["user"]["typ"] == 'user') {
+			$this->dataRecord['limit_client'] = 0;
+			$this->dataRecord['limit_domainmodule'] = 0;
+		}
+		
+		parent::onSubmit();
+	}
+	
 	function onBeforeUpdate() {
 		global $app;
 

--
Gitblit v1.9.1