From 0c505e8b6cae6dc8ee73369155961488f225fa01 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Tue, 17 May 2016 18:47:09 +0200
Subject: [PATCH] [security] using prepared query in the panel
---
 bureau/admin/piwik_useradmin.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/bureau/admin/piwik_useradmin.php b/bureau/admin/piwik_useradmin.php
index 46c1e6d8..2179c5cc 100644
--- a/bureau/admin/piwik_useradmin.php
+++ b/bureau/admin/piwik_useradmin.php
@@ -45,7 +45,7 @@ else
 {
 // Add a user to a piwik website
 if ($site_id != -1 && $right !== FALSE) {
- $db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid='$cuid' AND piwik_id='$site_id'");
+ $db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid=? AND piwik_id=?;",array($cuid,$site_id));
 $db->next_record();
 if ($db->f('ok')!=1) {
@@ -53,7 +53,7 @@ else
 }
 else
 {
- $db->query("SELECT COUNT(*) AS ok FROM piwik_users WHERE uid='$cuid' AND login='$user_name'");
+ $db->query("SELECT COUNT(*) AS ok FROM piwik_users WHERE uid=? AND login=?",array($cuid,$user_name));
 $db->next_record();
 if ($db->f('ok')!=1) {
@@ -79,7 +79,7 @@ else
 }
 $user_piwik_sites = array();
- $db->query("SELECT piwik_id FROM piwik_sites WHERE uid='$cuid'");
+ $db->query("SELECT piwik_id FROM piwik_sites WHERE uid=?",array($cuid));
 while ($db->next_record()) array_push($user_piwik_sites, $db->f('piwik_id'));
 // Weird behaviour of php: array_push products an array such as:
@@ -89,7 +89,7 @@ else
 $user_piwik_sites = array_flip($user_piwik_sites);
 $user_piwik_users = array();
- $db->query("SELECT login FROM piwik_users WHERE uid='$cuid'");
+ $db->query("SELECT login FROM piwik_users WHERE uid=?",arary($cuid));
 while ($db->next_record()) array_push ($user_piwik_users, $db->f('login'));
 // Swap keys and values, see user_piwik_sites
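Review bot: The rewritten piwik_sites query in the first hunk carries a stray `;` inside the SQL string (`piwik_id=?;`) that none of the other three parameterized queries in this patch have; a trailing statement terminator in a single bound statement is usually tolerated by MySQL but is rejected or mis-handled by some drivers and prepared-statement emulations, so it should be `$db->query("SELECT COUNT(*) AS ok FROM piwik_sites WHERE uid=? AND piwik_id=?",array($cuid,$site_id));`. The `$db->query(sql, array(...))` binding form is the project's own wrapper, which is not shown here; whether `?` is bound server-side or substituted by string escaping cannot be confirmed from this hunk, and if it is the latter the escaping must use the connection's charset for this to be a real fix. The `if` block being edited starts and ends outside the hunk.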
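Review bot: The last hunk introduces `arary($cuid)` in the piwik_users query, which is a typo for `array($cuid)`; as committed this is a call to an undefined function, so PHP aborts with a fatal error at that line and the whole page stops rendering for every user instead of running the parameterized query. The line should read `$db->query("SELECT login FROM piwik_users WHERE uid=?",array($cuid));`. Since this is a security fix that touches four query sites, it is worth running `php -l` on the changed file before merging so a typo cannot turn a hardening change into an outage. The surrounding statement run continues past the end of the hunk.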