From fc0a1c8d6171243c8184f99f506b1bba13a36b25 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Mon, 25 Aug 2014 11:01:07 -0400
Subject: [PATCH] - fixed sql injection regex
---
interface/lib/classes/remoting.inc.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index 0ccfd65..b47d9cf 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -1426,7 +1426,7 @@
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($client_id));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
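Review bot: The reseller check after the corrected query rejects an unknown parent id only by accident: if no row matches, `$check` is presumably false or null, and `$check['limit_client'] == 0` is true only because of PHP's loose comparison. Make the missing-row case explicit with `if(!$check || $check['limit_client'] == 0) {`, so the check still fails closed if the comparison is ever tightened to `===`. The guard `if($params['parent_client_id'])` also tests the raw value while the query uses `intval()` of it. Normalising once, e.g. `$params['parent_client_id'] = intval($params['parent_client_id']);` before the guard, would keep the validated id and the id used afterwards identical. The function continues outside the hunk, so whether the raw value is stored later cannot be confirmed here. The same two points apply to the identical change in the second hunk (`@@ -1461,7 +1461,7 @@`).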
@@ -1461,7 +1461,7 @@
if($params['parent_client_id']) {
// check if this one is reseller
- $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($client_id));
+ $check = $app->db->queryOneRecord('SELECT `limit_client` FROM `client` WHERE `client_id` = ' . intval($params['parent_client_id']));
if($check['limit_client'] == 0) {
$this->server->fault('Invalid reseller', 'Selected client is not a reseller.');
return false;
--
Gitblit v1.9.1