diff options
author | svncommit <devs@roundcube.net> | 2007-11-09 15:42:12 +0000 |
---|---|---|
committer | svncommit <devs@roundcube.net> | 2007-11-09 15:42:12 +0000 |
commit | fe89f82e2e5857f5b3a88f48bcfb840d2d680b04 (patch) | |
tree | 9655e9b473bc503fd8185b054cf447a350b9a19a /program/include | |
parent | 033155a705662ab527abf262545164d015fe3528 (diff) |
Add escapeSimple method to rcube_db() object, to be used instead of quote() which will not allways work in virtuser query, for example when using something like REGEXP '(^|,)%u(,|$)'
Diffstat (limited to 'program/include')
-rw-r--r-- | program/include/main.inc | 2 | ||||
-rw-r--r-- | program/include/rcube_db.inc | 18 |
2 files changed, 18 insertions, 2 deletions
diff --git a/program/include/main.inc b/program/include/main.inc index b940e2a13..1764435ee 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -705,7 +705,7 @@ function rcmail_create_user($user, $host) // try to resolve the e-mail address from the virtuser table if (!empty($CONFIG['virtuser_query']) && - ($sql_result = $DB->query(preg_replace('/%u/', $DB->quote($user), $CONFIG['virtuser_query']))) && + ($sql_result = $DB->query(preg_replace('/%u/', $DB->escapeSimple($user), $CONFIG['virtuser_query']))) && ($DB->num_rows()>0)) { while ($sql_arr = $DB->fetch_array($sql_result)) diff --git a/program/include/rcube_db.inc b/program/include/rcube_db.inc index ed2dcc5bb..18fa8f81a 100644 --- a/program/include/rcube_db.inc +++ b/program/include/rcube_db.inc @@ -426,6 +426,22 @@ class rcube_db } + /** + * Escapes a string + * + * @param string The string to be escaped + * @return string The escaped string + * @access public + */ + function escapeSimple($str) + { + if (!$this->db_handle) + $this->db_connect('r'); + + return $this->db_handle->escapeSimple($str); + } + + /* * Return SQL function for current time and date * @@ -580,4 +596,4 @@ class rcube_db } // end class rcube_db -?>
\ No newline at end of file +?> |