summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--plugins/virtuser_query/virtuser_query.php9
-rw-r--r--program/lib/Roundcube/rcube_db.php14
2 files changed, 19 insertions, 4 deletions
diff --git a/plugins/virtuser_query/virtuser_query.php b/plugins/virtuser_query/virtuser_query.php
index 675eb7c1b..32522f9d0 100644
--- a/plugins/virtuser_query/virtuser_query.php
+++ b/plugins/virtuser_query/virtuser_query.php
@@ -59,7 +59,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['email']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['email']));
while ($sql_arr = $dbh->fetch_array($sql_result)) {
if (strpos($sql_arr[0], '@')) {
@@ -78,8 +78,9 @@ class virtuser_query extends rcube_plugin
$result[] = $sql_arr[0];
}
- if ($p['first'])
+ if ($p['first']) {
break;
+ }
}
}
@@ -95,7 +96,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escapeSimple($p['email']), $this->config['user']));
+ $sql_result = $dbh->query(preg_replace('/%m/', $dbh->quote($p['email']), $this->config['user']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['user'] = $sql_arr[0];
@@ -111,7 +112,7 @@ class virtuser_query extends rcube_plugin
{
$dbh = $this->get_dbh();
- $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['host']));
+ $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['host']));
if ($sql_arr = $dbh->fetch_array($sql_result)) {
$p['host'] = $sql_arr[0];
diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php
index 4e6684c51..48f0ef906 100644
--- a/program/lib/Roundcube/rcube_db.php
+++ b/program/lib/Roundcube/rcube_db.php
@@ -653,6 +653,20 @@ class rcube_db
* @param string $str Value to quote
*
* @return string Quoted string for use in query
+ * @deprecated Replaced by rcube_db::quote
+ * @see rcube_db::quote
+ */
+ public function simpleEscape($str)
+ {
+ return $this->quote($str);
+ }
+
+ /**
+ * Quotes a string so it can be safely used as a table or column name
+ *
+ * @param string $str Value to quote
+ *
+ * @return string Quoted string for use in query
*/
public function quote_identifier($str)
{