fix two queries and corrected escaping of ticket-category, thx to vali

Signed-off-by: Michael Kaufmann (d00p) <d00p@froxlor.org>

admin_customers.php

@@ -933,7 +933,7 @@ if ($page == 'customers'
 							`caneditdomain` = '0',
 							`openbasedir` = '1',
 							`speciallogfile` = '0',
-							`specialsettings` = ''
+							`specialsettings` = '',
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);
@@ -1285,7 +1285,7 @@ if ($page == 'customers'
 							`caneditdomain` = '0',
 							`openbasedir` = '1',
 							`speciallogfile` = '0',
-							`specialsettings` = ''
+							`specialsettings` = '',
 							`add_date` = :adddate"
 						);
 						Database::pexecute($ins_stmt, $ins_data);

admin_tickets.php

@@ -372,6 +372,8 @@ if ($page == 'tickets'
 
 				$subject = $subticket->Get('subject');
 				$message = $subticket->Get('message');
+
+				$row2 = htmlentities_array($row2);
 				eval("\$ticket_replies.=\"" . getTemplate("tickets/tickets_tickets_list") . "\";");
 			}
 
@@ -574,6 +576,7 @@ if ($page == 'tickets'
 				SELECT * FROM `' . TABLE_PANEL_TICKET_CATS . '` WHERE `id` = :id'
 			);
 			$row = Database::pexecute_first($row_stmt, array('id' => $id));
+			$row = htmlentities_array($row);
 			$category_edit_data = include_once dirname(__FILE__).'/lib/formfields/admin/tickets/formfield.category_edit.php';
 			$category_edit_form = htmlform::genHTMLForm($category_edit_data);
 

admin_traffic.php

@@ -62,7 +62,11 @@ if ($page == 'overview' || $page == 'customers') {
 			WHERE `customerid` = :id" . 
 			($userinfo['customers_see_all'] ? '' : " AND `adminid` = :adminid")
 		);
-		Database::pexecute($result_stmt, array('id' => $id, 'adminid' => $userinfo['adminid']));
+		$params = array('id' => $id);
+		if ($userinfo['customers_see_all'] == '0') {
+			$params['adminid'] = $userinfo['adminid'];
+		}
+		Database::pexecute($result_stmt, params);
 		$result = $result_stmt->fetch(PDO::FETCH_ASSOC);
 
 		if ($result['loginname'] != '') {