From 0403a0a55aa8f14c1697a32378d2b0d15a857e77 Mon Sep 17 00:00:00 2001
From: Christian Boltz
Date: Sun, 21 Aug 2011 20:58:20 +0000
Subject: [PATCH] functions.inc.php - check_owner(): - escape_string() $username and $domain to prevent SQL injections - add a TODO
git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1171 a1433add-5e2c-0410-b055-b7f2511e0802
---
 functions.inc.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/functions.inc.php b/functions.inc.php
index 090f68f0..50e3125d 100644
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -764,7 +764,9 @@ function divide_quota ($quota) {
 //
 function check_owner ($username, $domain) {
 global $table_domain_admins;
- $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$username' AND (domain='$domain' OR domain='ALL') AND active='1'");
+ $E_username = escape_string($username);
+ $E_domain = escape_string($domain);
+ $result = db_query ("SELECT 1 FROM $table_domain_admins WHERE username='$E_username' AND (domain='$E_domain' OR domain='ALL') AND active='1'");
 if ($result['rows'] != 1) {
 if ($result['rows'] > 1) {
 # "ALL" + specific domain permissions. 2.3 doesn't create such entries, but they are available as leftover from older versions
 flash_error("Permission check returned more than one result. Please go to 'edit admin' for your username and press the save "
@@ -773,6 +775,7 @@ function check_owner ($username, $domain) {
 return false;
 } else {
 return true;
+ # TODO: if superadmin, check if given domain exists in the database
 }
 }
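Review bot: The new `$result = db_query(...)` line still interpolates `$table_domain_admins` unescaped, and `escape_string()` cannot protect an identifier, so the escaping only covers the two quoted values; that global looks config-derived rather than request-derived, but nothing in the hunk states it, and the next maintainer who routes a table name from input will not see the trap. I would add above the query: `# $username/$domain are escaped for the quoted-string context only; $table_domain_admins is a configured identifier and must never come from user input.` The strength of the fix also depends on `escape_string()` using the driver's own quoting for the active connection, which is not visible here — confirm it does not fall back to `addslashes()`. check_owner's body continues into the second hunk.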
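Review bot: The added TODO sits after `return true;`, an unreachable position that reads as dead code; it belongs before the return, where the check it describes would have to go. The gap it names is real as far as the query shows: a row with `domain='ALL'` satisfies the WHERE clause for any `$domain` string, so a superadmin passes `check_owner()` for a domain that may not exist, and any caller that treats a true result as "domain exists and is owned" is wrong — confirm against the callers. I would write `# TODO: a domain='ALL' row matches any $domain, so superadmins are never checked against the domain table; callers must verify the domain exists themselves` before `return true;`.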