From abe3d77d2cbcb133c94264dee99695938004e2a3 Mon Sep 17 00:00:00 2001 From: robin Date: Fri, 9 Nov 2007 15:42:12 +0000 Subject: Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not allways work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)' git-svn-id: https://svn.roundcube.net/trunk@915 208e9e7b-5314-0410-a742-e7e81cd9613c --- roundcubemail/program/include/main.inc | 2 +- roundcubemail/program/include/rcube_db.inc | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) (limited to 'roundcubemail/program/include') diff --git a/roundcubemail/program/include/main.inc b/roundcubemail/program/include/main.inc index b940e2a13..1764435ee 100644 --- a/roundcubemail/program/include/main.inc +++ b/roundcubemail/program/include/main.inc @@ -705,7 +705,7 @@ function rcmail_create_user($user, $host) // try to resolve the e-mail address from the virtuser table if (!empty($CONFIG['virtuser_query']) && - ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) && + ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) && ($DB->num_rows()>0)) { while ($sql_arr = $DB->fetch_array($sql_result)) diff --git a/roundcubemail/program/include/rcube_db.inc b/roundcubemail/program/include/rcube_db.inc index ed2dcc5bb..18fa8f81a 100644 --- a/roundcubemail/program/include/rcube_db.inc +++ b/roundcubemail/program/include/rcube_db.inc @@ -426,6 +426,22 @@ class rcube_db } + /** + * Escapes a string + * + * @param string The string to be escaped + * @return string The escaped string + * @access public + */ + function escapeSimple($str) + { + if (!$this->db_handle) + $this->db_connect('r'); + + return $this->db_handle->escapeSimple($str); + } + + /* * Return SQL function for current time and date * @@ -580,4 +596,4 @@ class rcube_db } // end class rcube_db -?> \ No newline at end of file +?> -- cgit v1.2.3