| author | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-11-09 15:42:12 +0000 |
|---|---|---|
| committer | robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2007-11-09 15:42:12 +0000 |
| commit | abe3d77d2cbcb133c94264dee99695938004e2a3 (patch) | |
| tree | 4d2c87d1fdcdc3113262369724027ef6ee13ae34 | |
| parent | 556da4957990babc72b75bae36018fd0e8eb5930 (diff) | |
Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not always work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)'
git-svn-id: https://svn.roundcube.net/trunk@915 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | roundcubemail/program/include/main.inc | 2 | ||||
| -rw-r--r-- | roundcubemail/program/include/rcube_db.inc | 18 |
2 files changed, 18 insertions, 2 deletions
diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc
index b940e2a13..1764435ee 100644
--- a/roundcubemail/program/include/main.inc
+++ b/roundcubemail/program/include/main.inc
@@ -705,7 +705,7 @@ function rcmail_create_user($user, $host)
 // try to resolve the e-mail address from the virtuser table
 if (!empty($CONFIG['virtuser_query']) &&
- ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
+ ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) &&
 ($DB->num_rows()>0))
 {
 while ($sql_arr = $DB->fetch_array($sql_result))
diff --git a/roundcubemail/program/include/rcube_db.inc b/roundcubemail/program/include/rcube_db.inc
index ed2dcc5bb..18fa8f81a 100644
--- a/roundcubemail/program/include/rcube_db.inc
+++ b/roundcubemail/program/include/rcube_db.inc
@@ -426,6 +426,22 @@ class rcube_db
 }
+ /**
+ * Escapes a string
+ *
+ * @param string The string to be escaped
+ * @return string The escaped string
+ * @access public
+ */
+ function escapeSimple($str)
+ {
+ if (!$this->db_handle)
+ $this->db_connect('r');
+
+ return $this->db_handle->escapeSimple($str);
+ }
+
+
 /*
 * Return SQL function for current time and date
 *
@@ -580,4 +596,4 @@ class rcube_db
 } // end class rcube_db
-?>
\ No newline at end of file
+?> |
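Review bot: The escaped value is passed as the replacement argument of `preg_replace()` in the new `$DB->query(...)` line of main.inc, and that argument gives backslashes and `$n` sequences a special meaning, so the string produced by `escapeSimple()` may not reach the SQL text byte-for-byte. A literal substitution avoids this: `str_replace('%u', $DB->escapeSimple($user), $CONFIG['virtuser_query'])`. As the commit message's REGEXP example implies, `escapeSimple()` adds no surrounding quotes, so the query is only safe when the configured `virtuser_query` places `%u` inside a quoted literal; that requirement should be stated next to the option, whose documentation is not visible here. `rcmail_create_user()` starts and ends outside the hunk.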
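Review bot: The docblock added for `escapeSimple()` in rcube_db.inc says only "Escapes a string" and does not tell callers that, unlike `quote()` (as the commit message implies), the result carries no surrounding quotes. I would add a line such as `* The result is NOT quoted; use it only inside a quoted SQL literal, otherwise use quote().` and name the parameter as `@param string $str`. Separately, the outcome of `$this->db_connect('r')` is not checked before `$this->db_handle->escapeSimple($str)` is called; if a failed connection can leave `db_handle` unset (db_connect is not visible in this hunk), that call needs a guard. The class body continues outside the hunk.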
