diff options
Diffstat (limited to 'program/include/main.inc')
-rw-r--r-- | program/include/main.inc | 24 |
1 files changed, 16 insertions, 8 deletions
diff --git a/program/include/main.inc b/program/include/main.inc index e522b4350..3fe196a74 100644 --- a/program/include/main.inc +++ b/program/include/main.inc @@ -580,10 +580,10 @@ function rcmail_create_user($user, $host) $DB->query("INSERT INTO ".get_table_name('users')." (created, last_login, username, mail_host, alias, language) VALUES (".$DB->now().", ".$DB->now().", ?, ?, ?, ?)", - $user, - $host, - $user_email, - $_SESSION['user_lang']); + strip_newlines($user), + strip_newlines($host), + strip_newlines($user_email), + $_SESSION['user_lang']); if ($user_id = $DB->insert_id(get_sequence_name('users'))) { @@ -595,7 +595,7 @@ function rcmail_create_user($user, $host) $user_name = $user!=$user_email ? $user : ''; // try to resolve the e-mail address from the virtuser table - if (!empty($CONFIG['virtuser_query']) && + if (!empty($CONFIG['virtuser_query']) && ($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) && ($DB->num_rows()>0)) while ($sql_arr = $DB->fetch_array($sql_result)) @@ -604,7 +604,7 @@ function rcmail_create_user($user, $host) (user_id, del, standard, name, email) VALUES (?, 0, 1, ?, ?)", $user_id, - $user_name, + strip_newlines($user_name), preg_replace('/^@/', $user . '@', $sql_arr[0])); } else @@ -614,8 +614,8 @@ function rcmail_create_user($user, $host) (user_id, del, standard, name, email) VALUES (?, 0, 1, ?, ?)", $user_id, - $user_name, - $user_email); + strip_newlines($user_name), + strip_newlines($user_email)); } // get existing mailboxes @@ -1140,6 +1140,14 @@ function strip_quotes($str) return preg_replace('/[\'"]/', '', $str); } +/** + * Remove new lines characters from given string + */ +function strip_newlines($str) +{ + return preg_replace('/[\r\n]/', '', $str); +} + // ************** template parsing and gui functions ************** |