banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Add rcube_db::escapeSimple() method for backward compat.

Browse Source 
Conflicts:

	plugins/virtuser_query/virtuser_query.php
pull/68/merge
Aleksander Machniak 11 years ago
parent 1352d8ddb0
commit 39a034b50d
2 changed files with 19 additions and 4 deletions
Show Stats Download Patch File Download Diff File

9
plugins/virtuser_query/virtuser_query.php
Unescape Escape View File

@ -59,7 +59,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->get_dbh(); $dbh = $this->get_dbh();
$sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['email'])); $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) { while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) { if (strpos($sql_arr[0], '@')) {
@ -78,8 +78,9 @@ class virtuser_query extends rcube_plugin
$result[] = $sql_arr[0]; $result[] = $sql_arr[0];
} }
if ($p['first']) if ($p['first']) {
break; break;
}
} }
} }
@ -95,7 +96,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->get_dbh(); $dbh = $this->get_dbh();
$sql_result = $dbh->query(preg_replace('/%m/', $dbh->escapeSimple($p['email']), $this->config['user'])); $sql_result = $dbh->query(preg_replace('/%m/', $dbh->quote($p['email']), $this->config['user']));
if ($sql_arr = $dbh->fetch_array($sql_result)) { if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['user'] = $sql_arr[0]; $p['user'] = $sql_arr[0];
@ -111,7 +112,7 @@ class virtuser_query extends rcube_plugin
{ {
$dbh = $this->get_dbh(); $dbh = $this->get_dbh();
$sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['host'])); $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['host']));
if ($sql_arr = $dbh->fetch_array($sql_result)) { if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['host'] = $sql_arr[0]; $p['host'] = $sql_arr[0];

14
program/lib/Roundcube/rcube_db.php
Unescape Escape View File

@ -647,6 +647,20 @@ class rcube_db
return $this->quote_identifier($str); return $this->quote_identifier($str);
} }
/**
* Quotes a string so it can be safely used as a table or column name
*
* @param string $str Value to quote
*
* @return string Quoted string for use in query
* @deprecated Replaced by rcube_db::quote
* @see rcube_db::quote
*/
public function simpleEscape($str)
{
return $this->quote($str);
}
/** /**
* Quotes a string so it can be safely used as a table or column name * Quotes a string so it can be safely used as a table or column name
* *

Write Preview
Loading…
Cancel
Save