Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not allways work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)'

author: svncommit <devs@roundcube.net> 2007-11-09 15:42:12 +0000
committer: svncommit <devs@roundcube.net> 2007-11-09 15:42:12 +0000
commit: fe89f82e2e5857f5b3a88f48bcfb840d2d680b04 (patch)
tree: 9655e9b473bc503fd8185b054cf447a350b9a19a /program/include/main.inc
parent: 033155a705662ab527abf262545164d015fe3528 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/program/include/main.inc b/program/include/main.inc
index b940e2a13..1764435ee 100644
--- a/program/include/main.inc
+++ b/program/include/main.inc
@@ -705,7 +705,7 @@ function rcmail_create_user($user, $host)
 
     // try to resolve the e-mail address from the virtuser table
     if (!empty($CONFIG['virtuser_query']) &&
-        ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) &&
+        ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) &&
         ($DB->num_rows()>0))
     {
       while ($sql_arr = $DB->fetch_array($sql_result))
author	svncommit <devs@roundcube.net>	2007-11-09 15:42:12 +0000
committer	svncommit <devs@roundcube.net>	2007-11-09 15:42:12 +0000
commit	fe89f82e2e5857f5b3a88f48bcfb840d2d680b04 (patch)
tree	9655e9b473bc503fd8185b054cf447a350b9a19a /program/include/main.inc
parent	033155a705662ab527abf262545164d015fe3528 (diff)