From fe89f82e2e5857f5b3a88f48bcfb840d2d680b04 Mon Sep 17 00:00:00 2001 From: svncommit Date: Fri, 9 Nov 2007 15:42:12 +0000 Subject: Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not allways work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)' --- program/include/main.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'program/include/main.inc') diff --git a/program/include/main.inc b/program/include/main.inc index b940e2a13..1764435ee 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -705,7 +705,7 @@ function rcmail_create_user($user, $host) // try to resolve the e-mail address from the virtuser table if (!empty($CONFIG['virtuser_query']) && - ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) && + ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) && ($DB->num_rows()>0)) { while ($sql_arr = $DB->fetch_array($sql_result)) -- cgit v1.2.3