From 093a3d9e7df58e2bd41db2caf6a348bf60c9ec8a Mon Sep 17 00:00:00 2001
From: Victor Benincasa <vbenincasa@gmail.com>
Date: Tue, 25 Jun 2013 02:39:23 -0400
Subject: [PATCH] Fix improper error checking

---
 plugins/virtuser_query/virtuser_query.php |   40 +++++++++++++++++++++++++++++++++-------
 1 files changed, 33 insertions(+), 7 deletions(-)

diff --git a/plugins/virtuser_query/virtuser_query.php b/plugins/virtuser_query/virtuser_query.php
index c479a4f..db3c519 100644
--- a/plugins/virtuser_query/virtuser_query.php
+++ b/plugins/virtuser_query/virtuser_query.php
@@ -17,14 +17,19 @@
  * The email query can return more than one record to create more identities.
  * This requires identities_level option to be set to value less than 2.
  *
+ * By default Roundcube database is used. To use different database (or host)
+ * you can specify DSN string in $rcmail_config['virtuser_query_dsn'] option.
+ *
  * @version @package_version@
  * @author Aleksander Machniak <alec@alec.pl>
  * @author Steffen Vogel
+ * @license GNU GPLv3+
  */
 class virtuser_query extends rcube_plugin
 {
     private $config;
     private $app;
+    private $db;
 
     function init()
     {
@@ -53,9 +58,9 @@
      */
     function user2email($p)
     {
-        $dbh = $this->app->get_dbh();
+        $dbh = $this->get_dbh();
 
-        $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['email']));
+        $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email']));
 
         while ($sql_arr = $dbh->fetch_array($sql_result)) {
             if (strpos($sql_arr[0], '@')) {
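Review bot: The string returned by `$dbh->escape()` is passed as the replacement argument of `preg_replace()`, which gives backslashes and `$n` sequences a meaning of their own, so the escaped value can be altered after escaping and before it reaches the query. A literal substitution avoids this: `$sql_result = $dbh->query(str_replace('%u', $dbh->escape($p['user']), $this->config['email']));`. The same pattern appears in the email2user (`%m`) and user2host (`%u`) hunks. escape() presumably adds no surrounding quotes, so safety also depends on the configured query template quoting the placeholder itself, which is worth stating in the plugin's header comment. user2email's body continues outside the hunk.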
@@ -74,8 +79,9 @@
                     $result[] = $sql_arr[0];
                 }
 
-                if ($p['first'])
+                if ($p['first']) {
                     break;
+                }
             }
         }
 
@@ -89,9 +95,9 @@
      */
     function email2user($p)
     {
-        $dbh = $this->app->get_dbh();
+        $dbh = $this->get_dbh();
 
-        $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escapeSimple($p['email']), $this->config['user']));
+        $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escape($p['email']), $this->config['user']));
 
         if ($sql_arr = $dbh->fetch_array($sql_result)) {
             $p['user'] = $sql_arr[0];
@@ -105,9 +111,9 @@
      */
     function user2host($p)
     {
-        $dbh = $this->app->get_dbh();
+        $dbh = $this->get_dbh();
 
-        $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['host']));
+        $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['host']));
 
         if ($sql_arr = $dbh->fetch_array($sql_result)) {
             $p['host'] = $sql_arr[0];
@@ -116,5 +122,25 @@
         return $p;
     }
 
+    /**
+     * Initialize database handler
+     */
+    function get_dbh()
+    {
+        if (!$this->db) {
+            if ($dsn = $this->app->config->get('virtuser_query_dsn')) {
+                // connect to the virtuser database
+                $this->db = rcube_db::factory($dsn);
+                $this->db->set_debug((bool)$this->app->config->get('sql_debug'));
+                $this->db->db_connect('r'); // connect in read mode
+            }
+            else {
+                $this->db = $this->app->get_dbh();
+            }
+        }
+
+        return $this->db;
+    }
+
 }
 
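Review bot: get_dbh() stores the handle from `rcube_db::factory($dsn)` in `$this->db` without checking whether `db_connect('r')` succeeded, so a wrong or unreachable `virtuser_query_dsn` is cached and every later lookup runs against a failed connection. user2email, email2user and user2host use the query result unchecked, so the failure would presumably surface only as empty mappings at login rather than as a logged error. Checking the handle after connecting would make it visible, for example `if ($this->db->is_error()) { rcube::raise_error(array('code' => 500, 'type' => 'db', 'message' => 'virtuser_query: database connection failed'), true, false); }`, assuming `is_error()` is available on rcube_db in this version. The docblock could also say that the method returns the cached handle and falls back to the Roundcube database when no DSN is set.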

--
Gitblit v1.9.1