switched to new query syntax - do quoting where it is needed

renky · renky · commit b45479611dea · 2014-03-05T17:37:08.000+01:00
diff --git a/interface/lib/classes/quota_lib.inc.php b/interface/lib/classes/quota_lib.inc.php
@@ -13,12 +13,14 @@ public function get_quota_data($clientid = null, $readable = true) {
 		}
 		//print_r($monitor_data);
 		
+		// select all websites or websites belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost' AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'");
 		}
 		
-		// select websites belonging to client
-		$sites = $app->db->queryAllRecords("SELECT * FROM web_domain WHERE active = 'y' AND type = 'vhost'".$sql_where);
 		//print_r($sites);
 		if(is_array($sites) && !empty($sites)){
 			for($i=0;$i<sizeof($sites);$i++){
@@ -111,13 +113,14 @@ public function get_mailquota_data($clientid = null, $readable = true) {
 		}
 		//print_r($monitor_data);
 		
+		// select all email accounts or email accounts belonging to client
 		if($clientid != null){
-			$sql_where = " AND sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=".$clientid.")";
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE sys_groupid = (SELECT default_group FROM sys_user WHERE client_id=?)", $app->functions->intval($client_id));
+		}
+		else {
+			$emails = $app->db->queryAllRecords("SELECT * FROM mail_user");
 		}
 		
-		
-		// select email accounts belonging to client
-		$emails = $app->db->queryAllRecords("SELECT * FROM mail_user WHERE 1".$sql_where);
 		//print_r($emails);
 		if(is_array($emails) && !empty($emails)){
 			for($i=0;$i<sizeof($emails);$i++){
diff --git a/interface/lib/classes/remote.d/mail.inc.php b/interface/lib/classes/remote.d/mail.inc.php
@@ -1034,7 +1034,6 @@ public function mailquota_get_by_user($session_id, $client_id)
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
 		
 		return $app->quota_lib->get_mailquota_data($client_id, false);
 	}
diff --git a/interface/lib/classes/remote.d/sites.inc.php b/interface/lib/classes/remote.d/sites.inc.php
@@ -882,7 +882,6 @@ public function quota_get_by_user($session_id, $client_id)
 			$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');
 			return false;
 		}
-		$client_id = $app->functions->intval($client_id);
 	
 		return $app->quota_lib->get_quota_data($client_id, false);
 	}

Original file line number	Diff line number	Diff line change
`@@ -1034,7 +1034,6 @@ public function mailquota_get_by_user($session_id, $client_id)`
`1034`	`1034`	`$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');`
`1035`	`1035`	`return false;`
`1036`	`1036`	`}`
`1037`		`- $client_id = $app->functions->intval($client_id);`
`1038`	`1037`
`1039`	`1038`	`return $app->quota_lib->get_mailquota_data($client_id, false);`
`1040`	`1039`	`}`
Original file line number	Diff line number	Diff line change
`@@ -882,7 +882,6 @@ public function quota_get_by_user($session_id, $client_id)`
`882`	`882`	`$this->server->fault('permission_denied', 'You do not have the permissions to access this function.');`
`883`	`883`	`return false;`
`884`	`884`	`}`
`885`		`- $client_id = $app->functions->intval($client_id);`
`886`	`885`
`887`	`886`	`return $app->quota_lib->get_quota_data($client_id, false);`
`888`	`887`	`}`