svncommit
2007-11-09 fe89f82e2e5857f5b3a88f48bcfb840d2d680b04
Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not always work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)'

2 files modified
20 ■■■■■ changed files
program/include/main.inc 2 ●●●
program/include/rcube_db.inc 18 ●●●●●
program/include/main.inc
@@ -705,7 +705,7 @@
    // try to resolve the e-mail address from the virtuser table
    if (!empty($CONFIG['virtuser_query']) &&
        ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
        ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) &&
        ($DB->num_rows()>0))
    {
      while ($sql_arr = $DB->fetch_array($sql_result))
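Review bot: `preg_replace()` treats backslashes and `$n` sequences in its replacement argument as syntax, so on the changed `$DB->query(...)` line the output of `escapeSimple($user)` can be altered after escaping (a doubled backslash collapses to one), which weakens the escaping for a value that presumably comes from the login form. A literal substitution avoids this: `str_replace('%u', $DB->escapeSimple($user), $CONFIG['virtuser_query'])`. Because `escapeSimple()` adds no surrounding quotes, the query is safe only when `%u` sits inside a quoted literal in the configured `virtuser_query`; the comment for that option should say so, since a query written for `quote()` presumably has `%u` unquoted. The `if` statement and its enclosing function extend outside the hunk.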
program/include/rcube_db.inc
@@ -426,6 +426,22 @@
    }
  /**
   * Escapes a string
   *
   * @param  string  The string to be escaped
   * @return string  The escaped string
   * @access public
   */
  function escapeSimple($str)
    {
    if (!$this->db_handle)
      $this->db_connect('r');
    return $this->db_handle->escapeSimple($str);
    }
  /*
   * Return SQL function for current time and date
   *
@@ -580,4 +596,4 @@
  }  // end class rcube_db
?>
?>
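Review bot: The docblock for `escapeSimple()` says only "Escapes a string" and does not tell callers that the result carries no surrounding quotes, which is the difference from `quote()` that decides whether a query built with it is safe. I would write the summary as `Escapes a string for use inside a quoted SQL string literal; unlike quote(), no surrounding quotes are added` and name the parameter in its tag, `@param  string  $str  The string to be escaped`. Separately, the result of `$this->db_connect('r')` is not checked, so if the connection fails and `db_handle` stays unset (db_connect is not visible here), the `return` line calls a method on a non-object. A guard that reports the error before that call would be appropriate.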