Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not allways work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)'

17 years ago · fe89f82e2e
parent 033155a705
commit fe89f82e2e
2 changed files with 18 additions and 2 deletions
--- a/program/include/main.inc
+++ b/program/include/main.inc
@ -705,7 +705,7 @@ function rcmail_create_user($user, $host)

    // try to resolve the e-mail address from the virtuser table
    if (!empty($CONFIG['virtuser_query']) &&
-        ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
+        ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) &&
        ($DB->num_rows()>0))
    {
      while ($sql_arr = $DB->fetch_array($sql_result))
--- a/program/include/rcube_db.inc
+++ b/program/include/rcube_db.inc
@ -426,6 +426,22 @@ class rcube_db
    }


+  /**
+   * Escapes a string
+   *
+   * @param  string  The string to be escaped
+   * @return string  The escaped string
+   * @access public
+   */
+  function escapeSimple($str)
+    {
+    if (!$this->db_handle)
+      $this->db_connect('r');
+
+    return $this->db_handle->escapeSimple($str);
+    }
+
+
  /*
   * Return SQL function for current time and date
   *
@ -580,4 +596,4 @@ class rcube_db

  }  // end class rcube_db

-?>
+?>