From d46057aeaf1ee4e3177c2151fce13c7ee6d83ba2 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Thu, 12 Feb 2009 11:33:06 -0500
Subject: [PATCH] Escape searchterm for preg in user mail filter.

---
 interface/web/mail/mail_user_filter_edit.php |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/interface/web/mail/mail_user_filter_edit.php b/interface/web/mail/mail_user_filter_edit.php
index 4d003ce..e21801e 100644
--- a/interface/web/mail/mail_user_filter_edit.php
+++ b/interface/web/mail/mail_user_filter_edit.php
@@ -129,14 +129,16 @@
 		
 		$content .= "if (/^".$this->dataRecord["source"].":";
 		
+		$searchterm = preg_quote($this->dataRecord["searchterm"]);
+		
 		if($this->dataRecord["op"] == 'contains') {
-			$content .= ".*".$this->dataRecord["searchterm"]."/:h)\n";
+			$content .= ".*".$searchterm."/:h)\n";
 		} elseif ($this->dataRecord["op"] == 'is') {
-			$content .= $this->dataRecord["searchterm"]."$/:h)\n";
+			$content .= $searchterm."$/:h)\n";
 		} elseif ($this->dataRecord["op"] == 'begins') {
-			$content .= $this->dataRecord["searchterm"]."/:h)\n";
+			$content .= $searchterm."/:h)\n";
 		} elseif ($this->dataRecord["op"] == 'ends') {
-			$content .= ".*".$this->dataRecord["searchterm"]."$/:h)\n";
+			$content .= ".*".$searchterm."$/:h)\n";
 		}
 		
 		$content .= "{\n";

--
Gitblit v1.9.1