From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/help/support_message_edit.php |   14 +++++++-------
 1 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/interface/web/help/support_message_edit.php b/interface/web/help/support_message_edit.php
index 2d47bbf..9886541 100644
--- a/interface/web/help/support_message_edit.php
+++ b/interface/web/help/support_message_edit.php
@@ -33,8 +33,8 @@
 
 		//* Get recipient email address
 		if($this->dataRecord['recipient_id'] > 1){
-			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." AND sys_user.client_id = client.client_id";
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+			$client = $app->db->queryOneRecord($sql, $this->dataRecord['recipient_id']);
 			$recipient_email = $client['email'];
 		} else {
 			$app->uses('ini_parser,getconf');
@@ -44,8 +44,8 @@
 
 		//* Get sender email address
 		if($this->dataRecord['sender_id'] > 1){
-			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ".$app->functions->intval($this->dataRecord['sender_id'])." AND sys_user.client_id = client.client_id";
-			$client = $app->db->queryOneRecord($sql);
+			$sql = "SELECT client.email FROM sys_user, client WHERE sys_user.userid = ? AND sys_user.client_id = client.client_id";
+			$client = $app->db->queryOneRecord($sql, $this->dataRecord['sender_id']);
 			$sender_email = $client['email'];
 		} else {
 			$app->uses('ini_parser,getconf');
@@ -73,7 +73,7 @@
 			}
 			$confirmation_message .= "\n\n".$app->tform->lng('message_txt').": \"".$this->dataRecord['message']."\"";
 			$confirmation_message .= "\n\nISPConfig: ".($_SERVER['HTTPS'] == 'on' ? 'https://' : 'http://').$_SERVER['HTTP_HOST'];
-			$app->functions->mail($sender_email, $subject, $confirmation_message, $recipient_email);
+			if ($this->dataRecord['subject'] != '' && $this->dataRecord['message'] != '') $app->functions->mail($sender_email, $subject, $confirmation_message, $recipient_email);
 		} else {
 			$app->tform->errorMessage .= $app->tform->lng("recipient_or_sender_email_address_not_valid_txt")."<br />";
 		}
@@ -91,7 +91,7 @@
 		//*  read only template  if a existing message is loaded
 		if($this->id > 0) {
 			$app->tform->formDef['tabs']['message']['template'] = 'templates/support_message_view.htm';
-			$record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ".$this->id);
+			$record = $app->db->queryOneRecord("SELECT * FROM support_message WHERE support_message_id = ?", $this->id);
 			if ($record['tstamp'] > 0) {
 				// is value int?
 				if (preg_match("/^[0-9]+[\.]?[0-9]*$/", $record['tstamp'], $p)) {
@@ -113,7 +113,7 @@
 		global $app, $conf;
 
 		if($_SESSION['s']['user']['typ'] == 'admin') {
-			$app->db->query("UPDATE support_message SET sys_userid = ".$app->functions->intval($this->dataRecord['recipient_id'])." WHERE support_message_id = ".$this->id);
+			$app->db->query("UPDATE support_message SET sys_userid = ? WHERE support_message_id = ?", $this->dataRecord['recipient_id'], $this->id);
 		}
 
 	}

--
Gitblit v1.9.1