From abe3d77d2cbcb133c94264dee99695938004e2a3 Mon Sep 17 00:00:00 2001
From: robin <robin@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Fri, 9 Nov 2007 15:42:12 +0000
Subject: Add escapeSimple method to rcube_db() object, to be used instead of
 quote() which will not allways work in virtuser query, for example when using
 something like REGEXP '(^|,)%u(,|$)'

git-svn-id: https://svn.roundcube.net/trunk@915 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/include/main.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'roundcubemail/program/include/main.inc')

diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc
index b940e2a13..1764435ee 100644
--- a/roundcubemail/program/include/main.inc
+++ b/roundcubemail/program/include/main.inc
@@ -705,7 +705,7 @@ function rcmail_create_user($user, $host)
 
     // try to resolve the e-mail address from the virtuser table
     if (!empty($CONFIG['virtuser_query']) &&
-        ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
+        ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) &&
         ($DB->num_rows()>0))
     {
       while ($sql_arr = $DB->fetch_array($sql_result))
-- 
cgit v1.2.3