From b45479611dea99bcdc6cdd276e0d47e7ad902a21 Mon Sep 17 00:00:00 2001
From: Dominik Mueller <info@profi-webdesign.net>
Date: Wed, 5 Mar 2014 17:37:08 +0100
Subject: [PATCH] switched to new query syntax - do quoting where it is needed

---
 interface/lib/classes/quota_lib.inc.php      | 17 ++++++++++-------
 interface/lib/classes/remote.d/mail.inc.php  |  1 -
 interface/lib/classes/remote.d/sites.inc.php |  1 -
 3 files changed, 10 insertions(+), 9 deletions(-)

diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
index 55b2aa8571..7446573535 100644
--- a/interface/lib/classes/quota_lib.inc.php
+++ b/interface/lib/classes/quota_lib.inc.php
@@ -13,12 +13,14 @@ class quota_lib {
 		}
 		//print_r($monitor_data);
 		
+		// select all websites or websites belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost' AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'");
 		}
 		
-		// select websites belonging to client
-		$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'".$sql_where);
 		//print_r($sites);
 		if(is_array($sites) && !empty($sites)){
 			for($i=0;$i<sizeof($sites);$i++){
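Review bot: The new query binds `$app->functions->intval($client_id)` while the condition on the line above it (and the removed concatenation) use `$clientid`; unless both names are in scope in this method, `$client_id` is undefined and intval() yields 0, so the client-scoped branch silently queries `client_id=0` rather than the requested client. The second hunk of this file (the `mail_user` query) has the same mismatch. Bind the same variable the condition tests, `$app->functions->intval($clientid)`, in both places, or rename consistently. Since the remoting callers in mail.inc.php and sites.inc.php drop their own intval() in this commit, this method is now the only place the id is cast before reaching the query. The enclosing method starts and ends outside the hunk.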
@@ -111,13 +113,14 @@ class quota_lib {
 		}
 		//print_r($monitor_data);
 		
+		// select all email accounts or email accounts belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user");
 		}
 		
-		
-		// select email accounts belonging to client
-		$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE 1".$sql_where);
 		//print_r($emails);
 		if(is_array($emails) && !empty($emails)){
 			for($i=0;$i<sizeof($emails);$i++){
diff --git a/interface/lib/classes/remote.d/mail.inc.php b/interface/lib/classes/remote.d/mail.inc.php
index d97f575ab9..e579fb67ff 100644
--- a/interface/lib/classes/remote.d/mail.inc.php
+++ b/interface/lib/classes/remote.d/mail.inc.php
@@ -1034,7 +1034,6 @@ class remoting_mail extends remoting {
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
 		
 		return $app->quota_lib->get_mailquota_data($client_id, false);
 	}
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
index 91b4523365..94ec2b1461 100644
--- a/interface/lib/classes/remote.d/sites.inc.php
+++ b/interface/lib/classes/remote.d/sites.inc.php
@@ -882,7 +882,6 @@ class remoting_sites extends remoting {
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
 	
 		return $app->quota_lib->get_quota_data($client_id, false);
 	}
-- 
GitLab