summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2013-04-17 19:33:42 +0200
committerAleksander Machniak <alec@alec.pl>2013-04-17 19:34:37 +0200
commit51f52b525bc3b10b8008d916353f3034a9081cee (patch)
tree11f84181e401b90eac1b27f968ac0394707b30ad
parent7af32a95bb7816787516968638b1b80e1a77180d (diff)
Add rcube_db::escape() method, fix escapeSimple() to use escape instead of quote()
-rw-r--r--plugins/virtuser_query/virtuser_query.php6
-rw-r--r--program/lib/Roundcube/rcube_db.php28
2 files changed, 25 insertions, 9 deletions
diff --git a/plugins/virtuser_query/virtuser_query.php b/plugins/virtuser_query/virtuser_query.php
index 6eb7ad647..a4c83265e 100644
--- a/plugins/virtuser_query/virtuser_query.php
+++ b/plugins/virtuser_query/virtuser_query.php
@@ -55,7 +55,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->app->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['email']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) {
@@ -92,7 +92,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->app->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%m/', $dbh->quote($p['email']), $this->config['user']));
+ $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escape($p['email']), $this->config['user']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['user'] = $sql_arr[0];
@@ -108,7 +108,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->app->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['host']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escape($p['user']), $this->config['host']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['host'] = $sql_arr[0];
diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php
index 9104a85d8..62ece1ba5 100644
--- a/program/lib/Roundcube/rcube_db.php
+++ b/program/lib/Roundcube/rcube_db.php
@@ -634,6 +634,22 @@ class rcube_db
}
/**
+ * Escapes a string so it can be safely used in a query
+ *
+ * @param string $str A string to escape
+ *
+ * @return string Escaped string for use in a query
+ */
+ public function escape($str)
+ {
+ if (is_null($str)) {
+ return 'NULL';
+ }
+
+ return substr($this->quote($str), 1, -1);
+ }
+
+ /**
* Quotes a string so it can be safely used as a table or column name
*
* @param string $str Value to quote
@@ -648,17 +664,17 @@ class rcube_db
}
/**
- * Quotes a string so it can be safely used as a table or column name
+ * Escapes a string so it can be safely used in a query
*
- * @param string $str Value to quote
+ * @param string $str A string to escape
*
- * @return string Quoted string for use in query
- * @deprecated Replaced by rcube_db::quote
- * @see rcube_db::quote
+ * @return string Escaped string for use in a query
+ * @deprecated Replaced by rcube_db::escape
+ * @see rcube_db::escape
*/
public function escapeSimple($str)
{
- return $this->quote($str);
+ return $this->escape($str);
}
/**