functions.inc.php:
- gen_show_status(): escape mail addresses in query. Fixes https://sourceforge.net/p/postfixadmin/bugs/356/ (mostly - the edit/delete/... links in list-virtual are double-escaped) In theory this could allow SQL injection, in practise the mail address regex limits this issue to a DOS (creating a mail address with ' caused an invalid query that broke list-virtual) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802pull/9/head
parent
dd652974e0
commit
129a65b8c5
Loading…
Reference in New Issue