From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/lib/classes/remoting.inc.php |   24 +++++++++++++-----------
 1 files changed, 13 insertions(+), 11 deletions(-)

diff --git a/interface/lib/classes/remoting.inc.php b/interface/lib/classes/remoting.inc.php
index a8c228c..2ed5761 100644
--- a/interface/lib/classes/remoting.inc.php
+++ b/interface/lib/classes/remoting.inc.php
@@ -90,11 +90,8 @@
 		}
 
 		//* Delete old remoting sessions
-		$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMSTAMP()";
+		$sql = "DELETE FROM remote_session WHERE tstamp < UNIX_TIMESTAMP()";
 		$app->db->query($sql);
-
-		$username = $app->db->quote($username);
-		$password = $app->db->quote($password);
 
 		if($client_login == true) {
 			$sql = "SELECT * FROM sys_user WHERE USERNAME = ?";
@@ -175,8 +172,6 @@
 			return false;
 		}
 
-		$session_id = $app->db->quote($session_id);
-
 		$sql = "DELETE FROM remote_session WHERE remote_session = ?";
 		if($app->db->query($sql, $session_id) != false) {
 			return true;
@@ -201,7 +196,7 @@
 		$sql = $app->remoting_lib->getSQL($params, 'INSERT', 0);
 
 		//* Check if no system user with that username exists
-		$username = $app->db->quote($params["username"]);
+		$username = $params["username"];
 		$tmp = $app->db->queryOneRecord("SELECT count(userid) as number FROM sys_user WHERE username = ?", $username);
 		if($tmp['number'] > 0) $app->remoting_lib->errorMessage .= "Duplicate username<br />";
 
@@ -236,7 +231,7 @@
 
 		/* copied from the client_edit php */
 		exec('ssh-keygen -t rsa -C '.$username.'-rsa-key-'.time().' -f /tmp/id_rsa -N ""');
-		$app->db->query("UPDATE client SET created_at = UNIX_TIMSTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
+		$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", @file_get_contents('/tmp/id_rsa'), @file_get_contents('/tmp/id_rsa.pub'), $this->id);
 		exec('rm -f /tmp/id_rsa /tmp/id_rsa.pub');
 
 
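Review bot: The `exec('ssh-keygen ...')` call on the context line just above the corrected UPDATE concatenates `$username` into a shell command without `escapeshellarg()`, and it writes the private key to the fixed path `/tmp/id_rsa`. If this `$username` is the one assigned from `$params["username"]` earlier in this patch (the function boundaries are outside the hunk, so this is inferred), it is now raw caller input; the removed `quote()` was SQL escaping and never made the value shell-safe. The fixed path lets two concurrent calls overwrite or read each other's key, and the `@file_get_contents()` calls hide a failed key generation, so empty values would be stored. I would escape both arguments, generate the key in a private 0700 directory, and check the exit status before running the UPDATE.

```php
/* copied from the client_edit php */
$key_dir = sys_get_temp_dir().'/'.uniqid('rsa_key_', true);
if(mkdir($key_dir, 0700)) {
	$key_file = $key_dir.'/id_rsa';
	$key_comment = $username.'-rsa-key-'.time();
	exec('ssh-keygen -t rsa -C '.escapeshellarg($key_comment).' -f '.escapeshellarg($key_file).' -N ""', $key_out, $key_rc);
	if($key_rc === 0 && is_readable($key_file) && is_readable($key_file.'.pub')) {
		$app->db->query("UPDATE client SET created_at = UNIX_TIMESTAMP(), id_rsa = ?, ssh_rsa = ? WHERE client_id = ?", file_get_contents($key_file), file_get_contents($key_file.'.pub'), $this->id);
	}
	// remove the key material whether or not generation succeeded
	if(is_file($key_file)) unlink($key_file);
	if(is_file($key_file.'.pub')) unlink($key_file.'.pub');
	rmdir($key_dir);
}
```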
@@ -341,10 +336,19 @@
 		
 		//* get old record and merge with params, so only new values have to be set in $params
 		$old_rec = $app->remoting_lib->getDataRecord($primary_id);
+		
+		foreach ($app->remoting_lib->formDef['fields'] as $fieldName => $fieldConf)
+        {
+            if ($fieldConf['formtype'] === 'PASSWORD' && empty($params[$fieldName])) {
+                unset($old_rec[$fieldName]);
+            }
+        }
+		
 		$params = $app->functions->array_merge($old_rec,$params);
 
 		//* Get the SQL query
 		$sql = $app->remoting_lib->getSQL($params, 'UPDATE', $primary_id);
+		
 		// throw new SoapFault('debug', $sql);
 		if($app->remoting_lib->errorMessage != '') {
 			throw new SoapFault('data_processing_error', $app->remoting_lib->errorMessage);
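Review bot: The new `foreach` over `formDef['fields']` has no comment explaining why the stored value of a PASSWORD field is dropped from `$old_rec` before the merge, which is the security-relevant reasoning in this hunk. Presumably the stored value is a hash that `getSQL()` would otherwise treat as a new password and hash again; if that is the reason, say so, e.g. `//* Drop stored password hashes so an update without a password does not re-hash the old hash`. Note that `empty()` is also true for the string `"0"`, and that `$fieldConf['formtype']` is read without an `isset()` check, so a field definition lacking that key would raise a notice. The added block is indented with spaces and puts the brace on its own line, while the surrounding lines use tabs and same-line braces. The enclosing function starts and ends outside the hunk.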
@@ -471,9 +475,7 @@
 			return false;
 		}
 
-		$session_id = $app->db->quote($session_id);
-
-		$sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMSTAMP()";
+		$sql = "SELECT * FROM remote_session WHERE remote_session = ? AND tstamp >= UNIX_TIMESTAMP()";
 		$session = $app->db->queryOneRecord($sql, $session_id);
 		if($session['remote_userid'] > 0) {
 			return $session;

--
Gitblit v1.9.1