From e99547a06c187ce8222f31f1611941156126299d Mon Sep 17 00:00:00 2001
From: Christian Boltz <postfixadmin@cboltz.de>
Date: Tue, 12 Oct 2010 20:45:24 +0000
Subject: [PATCH] list-virtual.php: - fix displaying of 'modified' column for
 aliases when using postgres   (bugreport mailed by Dominic, neocoretech @SF)
 - drop MySQL variant of the alias query, the fixed postgres variant works for
   both - fixed wrong position of $sql_where (search string) - must be outside
   the sub-query - escape search string in page browser - even if it is
 unlikely that enough   mail adresses contain funny chars to let the
 pagebrowser appear ;-)

git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@874 a1433add-5e2c-0410-b055-b7f2511e0802
---
 list-virtual.php | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)

diff --git a/list-virtual.php b/list-virtual.php
index be4b6367..4b57f28e 100644
--- a/list-virtual.php
+++ b/list-virtual.php
@@ -155,24 +155,13 @@ if ($search == "") {
    $sql_where  = " AND ( address LIKE '%$search%' OR goto LIKE '%$search%' ) ";
 }
 
-$query = "SELECT $table_alias.address,
-                 $table_alias.goto,
-                 $table_alias.modified,
-                 $table_alias.active
-          FROM $table_alias LEFT JOIN $table_mailbox ON $table_alias.address=$table_mailbox.username
-          WHERE ($sql_domain AND $table_mailbox.maildir IS NULL $sql_where)
-          ORDER BY $table_alias.address LIMIT $fDisplay, $page_size";
-if ('pgsql'==$CONF['database_type'])
-{
-   # TODO: is the different query for pgsql really needed? The mailbox query below also works with both...
    $query = "SELECT address,
                     goto,
-                    extract(epoch from modified) as modified,
+                    modified,
                     active
                     FROM $table_alias
-					WHERE $sql_domain AND NOT EXISTS(SELECT 1 FROM $table_mailbox WHERE username=$table_alias.address $sql_where)
+					WHERE $sql_domain AND NOT EXISTS(SELECT 1 FROM $table_mailbox WHERE username=$table_alias.address)   $sql_where
                     ORDER BY address LIMIT $page_size OFFSET $fDisplay";
-}
 
 $result = db_query ($query);
 if ($result['rows'] > 0)
@@ -359,7 +348,7 @@ class cNav_bar
         if ($aSearch == "") {
             $this->search = "";
         } else {
-            $this->search = "&search=$aSearch";
+            $this->search = "&search=" . htmlentities($aSearch);
         }
 		$this->url = '';
 		$this->fInit = false;