From f7ec00b2f8ba3efc5bdeacef9c813f8a826ae3be Mon Sep 17 00:00:00 2001
From: Patrick Anders <p.anders@timmehosting.de>
Date: Wed, 10 Dec 2014 08:44:26 -0500
Subject: [PATCH] add Spdy option - http://en.wikipedia.org/wiki/SPDY
---
interface/web/admin/software_package_install.php | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/interface/web/admin/software_package_install.php b/interface/web/admin/software_package_install.php
index 6150709..0fd5881 100644
--- a/interface/web/admin/software_package_install.php
+++ b/interface/web/admin/software_package_install.php
@@ -33,6 +33,7 @@
//* Check permissions for module
$app->auth->check_module_permissions('admin');
+$app->auth->check_security_permissions('admin_allow_software_packages');
//* This is only allowed for administrators
if(!$app->auth->is_admin()) die('only allowed for administrators.');
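Review bot: The added `check_security_permissions('admin_allow_software_packages')` call has no comment, unlike the two checks around it, and its result is not used. Its body is not visible here; if it reports failure by return value rather than ending the request, the new gate has no effect. Worth confirming, then recording the behaviour in a comment such as `//* Stops the request unless the admin_allow_software_packages security setting allows it`.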
@@ -50,7 +51,7 @@
//* verify the key
if($package['package_installable'] == 'key' && $install_key != '') {
- $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$package['software_repo_id']);
+ $repo = $app->db->queryOneRecord("SELECT * FROM software_repo WHERE software_repo_id = ".$app->db->quote($package['software_repo_id']));
$client = new SoapClient(null, array('location' => $repo['repo_url'],
'uri' => $repo['repo_url']));
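Review bot: On the new `software_repo_id = ".$app->db->quote(...)` line the escaped value is placed in the SQL without surrounding quotes, so the escaping does not protect this query. The other hunks wrap the result in `'...'` themselves, which indicates `quote()` only escapes string metacharacters; a value containing none of them passes through unchanged and still becomes part of the statement. For a numeric key the safer form is an integer cast, `"... WHERE software_repo_id = ".intval($package['software_repo_id'])`. In the last hunk `$install_server_id` and `$software_update_id` are inside quotes, so the escaping is effective there, but the same cast would state the intent more clearly.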
@@ -62,7 +63,7 @@
$message_err = 'Verification of the key failed.';
} else {
// Store the verified key into the database
- $app->db->datalogUpdate('software_package', "package_key = '$install_key'", 'package_id', $package['package_id']);
+ $app->db->datalogUpdate('software_package', "package_key = '".$app->db->quote($install_key)."'", 'package_id', $package['package_id']);
}
} else {
$message_ok = 'Please enter the software key for the package.';
@@ -70,7 +71,7 @@
//* Install packages, if all requirements are fullfilled.
if($install_server_id > 0 && $package_name != '' && ($package['package_installable'] == 'yes' || $install_key_verified == true)) {
- $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '$package_name' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
+ $sql = "SELECT software_update_id, package_name, update_title FROM software_update WHERE type = 'full' AND package_name = '".$app->db->quote($package_name)."' ORDER BY v1 DESC, v2 DESC, v3 DESC, v4 DESC LIMIT 0,1";
$tmp = $app->db->queryOneRecord($sql);
$software_update_id = $tmp['software_update_id'];
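Review bot: `$tmp['software_update_id']` is read without checking that `queryOneRecord()` returned a row. When no `type = 'full'` update matches the package name, `$software_update_id` ends up empty and, unless a check follows outside this hunk, is later written into `software_update_inst`. A guard that sets `$message_err` and skips the install when `$tmp` is empty would make that failure visible instead of queuing an install with no update id. The enclosing `if` block continues past the end of the hunk.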
@@ -118,7 +119,7 @@
$app->db->datalogUpdate('software_package', "package_config = '".$app->db->quote($package_config_str)."'", 'package_id', $package['package_id']);
$sql = "INSERT INTO `remote_user` (`sys_userid`, `sys_groupid`, `sys_perm_user`, `sys_perm_group`, `sys_perm_other`, `remote_username`, `remote_password`, `remote_functions`) VALUES
- (1, 1, 'riud', 'riud', '', '$remote_user', '$remote_password_md5', '$remote_functions');";
+ (1, 1, 'riud', 'riud', '', '".$app->db->quote($remote_user)."', '".$app->db->quote($remote_password_md5)."', '".$app->db->quote($remote_functions)."');";
$app->db->query($sql);
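Review bot: The `remote_password` column is still filled from `$remote_password_md5`, which by its name is an unsalted MD5 digest; escaping the value does not change how weak that storage is if the table is ever disclosed. The value is computed outside this hunk, so the change belongs there. Where the PHP version allows, a salted hash from `password_hash()` would be the usual choice, with the code that verifies remote-user logins moved to `password_verify()` in the same change. The row is also created with fixed `sys_userid`/`sys_groupid` of 1 and `riud` permissions, which deserves a comment explaining why the package's remote user needs that level.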
@@ -127,7 +128,7 @@
}
//* Add the record to start the install process
- $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('$package_name', '$install_server_id', '$software_update_id','installing')";
+ $insert_data = "(package_name, server_id, software_update_id, status) VALUES ('".$app->db->quote($package_name)."', '".$app->db->quote($install_server_id)."', '".$app->db->quote($software_update_id)."','installing')";
$app->db->datalogInsert('software_update_inst', $insert_data, 'software_update_inst_id');
$message_ok = 'Starting package installation '."<a href=\"#\" onclick=\"submitForm('pageForm','admin/software_package_list.php');\">".$app->lng('next')."</a>";
--
Gitblit v1.9.1