From 093a3d9e7df58e2bd41db2caf6a348bf60c9ec8a Mon Sep 17 00:00:00 2001
From: Victor Benincasa <vbenincasa@gmail.com>
Date: Tue, 25 Jun 2013 02:39:23 -0400
Subject: [PATCH] Fix improper error checking
---
plugins/virtuser_query/virtuser_query.php | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/plugins/virtuser_query/virtuser_query.php b/plugins/virtuser_query/virtuser_query.php
index 675eb7c..db3c519 100644
--- a/plugins/virtuser_query/virtuser_query.php
+++ b/plugins/virtuser_query/virtuser_query.php
@@ -23,6 +23,7 @@
* @version @package_version@
* @author Aleksander Machniak <alec@alec.pl>
* @author Steffen Vogel
+ * @license GNU GPLv3+
*/
class virtuser_query extends rcube_plugin
{
@@ -59,7 +60,7 @@
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['email']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) {
@@ -78,8 +79,9 @@
$result[] = $sql_arr[0];
}
- if ($p['first'])
+ if ($p['first']) {
break;
+ }
}
}
@@ -95,7 +97,7 @@
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escapeSimple($p['email']), $this->config['user']));
+ $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escape($p['email']), $this->config['user']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['user'] = $sql_arr[0];
@@ -111,7 +113,7 @@
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['host']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['host']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['host'] = $sql_arr[0];
--
Gitblit v1.9.1