diff options
-rw-r--r-- | plugins/virtuser_query/virtuser_query.php | 6 | ||||
-rw-r--r-- | program/lib/Roundcube/rcube_db.php | 14 |
2 files changed, 17 insertions, 3 deletions
diff --git a/plugins/virtuser_query/virtuser_query.php b/plugins/virtuser_query/virtuser_query.php index 073b4e230..b6d84c952 100644 --- a/plugins/virtuser_query/virtuser_query.php +++ b/plugins/virtuser_query/virtuser_query.php @@ -55,7 +55,7 @@ class virtuser_query extends rcube_plugin { $dbh = $this->app->get_dbh(); - $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['email'])); + $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['email'])); while ($sql_arr = $dbh->fetch_array($sql_result)) { if (strpos($sql_arr[0], '@')) { @@ -91,7 +91,7 @@ class virtuser_query extends rcube_plugin { $dbh = $this->app->get_dbh(); - $sql_result = $dbh->query(preg_replace('/%m/', $dbh->escapeSimple($p['email']), $this->config['user'])); + $sql_result = $dbh->query(preg_replace('/%m/', $dbh->quote($p['email']), $this->config['user'])); if ($sql_arr = $dbh->fetch_array($sql_result)) { $p['user'] = $sql_arr[0]; @@ -107,7 +107,7 @@ class virtuser_query extends rcube_plugin { $dbh = $this->app->get_dbh(); - $sql_result = $dbh->query(preg_replace('/%u/', $dbh->escapeSimple($p['user']), $this->config['host'])); + $sql_result = $dbh->query(preg_replace('/%u/', $dbh->quote($p['user']), $this->config['host'])); if ($sql_arr = $dbh->fetch_array($sql_result)) { $p['host'] = $sql_arr[0]; diff --git a/program/lib/Roundcube/rcube_db.php b/program/lib/Roundcube/rcube_db.php index 113ed84bf..d49056cdf 100644 --- a/program/lib/Roundcube/rcube_db.php +++ b/program/lib/Roundcube/rcube_db.php @@ -653,6 +653,20 @@ class rcube_db * @param string $str Value to quote * * @return string Quoted string for use in query + * @deprecated Replaced by rcube_db::quote + * @see rcube_db::quote + */ + public function simpleEscape($str) + { + return $this->quote($str); + } + + /** + * Quotes a string so it can be safely used as a table or column name + * + * @param string $str Value to quote + * + * @return string Quoted string for use in query */ public function quote_identifier($str) { |