fix escaping in sql query

scambra · scambra · commit baf5dda4cc07 · 2014-07-08T15:53:13.000+02:00
diff --git a/interface/lib/classes/tools_sites.inc.php b/interface/lib/classes/tools_sites.inc.php
@@ -156,7 +156,7 @@ function getDomainModuleDomains($not_used_in_table = null, $selected_domain = nu
 				$field = "domain";
 				$select = $field;
 			}
-			$sql .= " domain NOT IN (SELECT $select FROM $not_used_in_table WHERE $field != '$selected_domain') AND";
+			$sql .= " domain NOT IN (SELECT $select FROM ?? WHERE $field != ?) AND";
 		}
 		if ($_SESSION["s"]["user"]["typ"] == 'admin') {
 			$sql .= " 1";
@@ -165,7 +165,7 @@ function getDomainModuleDomains($not_used_in_table = null, $selected_domain = nu
 			$sql .= " sys_groupid IN (".$groups.")";
 		}
 		$sql .= " ORDER BY domain";
-		return $app->db->queryAllRecords($sql);
+		return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);
 	}
 
 	function checkDomainModuleDomain($domain_id) {

Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ function getDomainModuleDomains($not_used_in_table = null, $selected_domain = nu`
`156`	`156`	`$field = "domain";`
`157`	`157`	`$select = $field;`
`158`	`158`	`}`
`159`		`- $sql .= " domain NOT IN (SELECT $select FROM $not_used_in_table WHERE $field != '$selected_domain') AND";`
	`159`	`+ $sql .= " domain NOT IN (SELECT $select FROM ?? WHERE $field != ?) AND";`
`160`	`160`	`}`
`161`	`161`	`if ($_SESSION["s"]["user"]["typ"] == 'admin') {`
`162`	`162`	`$sql .= " 1";`
`@@ -165,7 +165,7 @@ function getDomainModuleDomains($not_used_in_table = null, $selected_domain = nu`
`165`	`165`	`$sql .= " sys_groupid IN (".$groups.")";`
`166`	`166`	`}`
`167`	`167`	`$sql .= " ORDER BY domain";`
`168`		`- return $app->db->queryAllRecords($sql);`
	`168`	`+ return $app->db->queryAllRecords($sql, $not_used_in_table, $selected_domain);`
`169`	`169`	`}`
`170`	`170`
`171`	`171`	`function checkDomainModuleDomain($domain_id) {`