From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001
From: Marius Cramer <m.cramer@pixcept.de>
Date: Thu, 06 Aug 2015 03:18:44 -0400
Subject: [PATCH] - don't set password via remoting if field is empty

---
 server/plugins-available/maildeliver_plugin.inc.php |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/server/plugins-available/maildeliver_plugin.inc.php b/server/plugins-available/maildeliver_plugin.inc.php
index 85293ae..a6f9ae5 100644
--- a/server/plugins-available/maildeliver_plugin.inc.php
+++ b/server/plugins-available/maildeliver_plugin.inc.php
@@ -165,8 +165,8 @@
 			$tpl->setVar('autoresponder_text', $data["new"]["autoresponder_text"]);
 
 			//* Set alias addresses for autoresponder
-			$sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = '".$app->db->quote($data["new"]["email"])."'";
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_forwarding WHERE type = 'alias' AND destination = ?";
+			$records = $app->db->queryAllRecords($sql, $data["new"]["email"]);
 
 			$addresses = array();
 			$addresses[] = $data["new"]["email"];
@@ -181,8 +181,8 @@
 			$alias_addresses = array();
 
 			$email_parts = explode('@', $data["new"]["email"]);
-			$sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = '@".$app->db->quote($email_parts[1])."'";
-			$records = $app->db->queryAllRecords($sql);
+			$sql = "SELECT * FROM mail_forwarding WHERE type = 'aliasdomain' AND destination = ?";
+			$records = $app->db->queryAllRecords($sql, '@'.$email_parts[1]);
 			if(is_array($records) && count($records) > 0) {
 				$app->log("Found " . count($records) . " records (aliasdomains).", LOGLEVEL_DEBUG);
 				foreach($records as $rec) {

--
Gitblit v1.9.1