From cf4865828ced40c684ff8e42b74b8742405f9f1f Mon Sep 17 00:00:00 2001
From: "Michael Kaufmann (d00p)"
Date: Sun, 17 Nov 2013 10:51:28 +0100
Subject: [PATCH] fix forgotten ->escape in customer_ftp
Signed-off-by: Michael Kaufmann (d00p)
---
 customer_domains.php | 13 -------------
 customer_ftp.php | 13 +++++++------
 2 files changed, 7 insertions(+), 19 deletions(-)
diff --git a/customer_domains.php b/customer_domains.php
index 9fe579d9..302e80b2 100644
--- a/customer_domains.php
+++ b/customer_domains.php
@@ -18,11 +18,6 @@
 */
 define('AREA', 'customer');
-
-/**
- * Include our init.php, which manages Sessions, Language etc.
- */
- require ("./lib/init.php");
 if(isset($_POST['id'])) {
@@ -717,14 +712,6 @@ if($page == 'overview') {
 $cert_content = openssl_x509_parse($ssl_cert_file);
 if (is_array($cert_content) && isset($cert_content['subject']) && isset($cert_content['subject']['CN'])) {
- // TODO self-signed certs might differ and don't need/want this
- /*
- $domain = $db->query_first("SELECT * FROM `".TABLE_PANEL_DOMAINS."` WHERE `id`='".(int)$id."'");
- if (strtolower($cert_content['subject']['CN']) != strtolower($idna_convert->decode($domain['domain']))) {
- standard_error('sslcertificatewrongdomain');
- }
- */
- // bool openssl_x509_check_private_key ( mixed $cert , mixed $key )
 // Checks whether the given key is the private key that corresponds to cert.
 if (openssl_x509_check_private_key($ssl_cert_file, $ssl_key_file) === false) {
diff --git a/customer_ftp.php b/customer_ftp.php
index c56661bf..5ae58af7 100644
--- a/customer_ftp.php
+++ b/customer_ftp.php
@@ -119,11 +119,12 @@ if ($page == 'overview') {
 );
 Database::pexecute($stmt, array("customerid" => $userinfo['customerid'], "id" => $id));
- $stmt = Database::prepare("UPDATE `" . TABLE_FTP_GROUPS . "`
- SET `members`=REPLACE(`members`,'," . $db->escape($result['username']) . "','')
- WHERE `customerid`='" . (int)$userinfo['customerid'] . "'"
- );
- Database::pexecute($stmt, array("username" => $result['username'], "customerid" => $userinfo['customerid']));
+ $stmt = Database::prepare("
+ UPDATE `" . TABLE_FTP_GROUPS . "` SET
+ `members` = REPLACE(`members`, :username,'')
+ WHERE `customerid` = :customerid
+ ");
+ Database::pexecute($stmt, array("username" => ",".$result['username'], "customerid" => $userinfo['customerid']));
 $log->logAction(USR_ACTION, LOG_INFO, "deleted ftp-account '" . $result['username'] . "'");
@@ -140,7 +141,7 @@ if ($page == 'overview') {
 );
 Database::pexecute($stmt, array("customerid" => $userinfo['customerid']));
- redirectTo($filename, Array('page' => $page, 's' => $s));
+ redirectTo($filename, array('page' => $page, 's' => $s));
 } else {
 ask_yesno_withcheckbox('ftp_reallydelete', 'admin_customer_alsoremoveftphomedir', $filename, array('id' => $id, 'page' => $page, 'action' => $action), $result['username']);
 }
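Review bot: The bound `REPLACE(members, :username, '')` in the first customer_ftp.php hunk (-119,11) still matches `"," . $result['username']` as a raw substring, so deleting `web1ftp1` (constructed example) would also cut `,web1ftp1` out of `,web1ftp10` and leave a stray `0` in the member list, while an account listed first, with no leading comma, is not removed at all. Since `members` appears to be a comma-separated list that is presumably read for FTP group membership, a mangled entry is an integrity problem for authorization data rather than a cosmetic one. Matching on both delimiters avoids it: `SET members = TRIM(BOTH ',' FROM REPLACE(CONCAT(',', members, ','), CONCAT(',', :username, ','), ','))`, with `"username" => $result['username']` bound without the comma prefix. The enclosing delete branch starts and ends outside the hunk, so how `members` is written elsewhere should be confirmed before relying on that format.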