SF.net SVN: postfixadmin:[1247] trunk/model/MailboxHandler.php

[<chr...@us...>]

Revision: 1247
          http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1247&view=rev
Author:   christian_boltz
Date:     2011-10-29 22:29:16 +0000 (Sat, 29 Oct 2011)
Log Message:
-----------
MailboxHandler.php:
- delete(): use escaped $E_domain instead of $domain in some queries

Modified Paths:
--------------
    trunk/model/MailboxHandler.php

Modified: trunk/model/MailboxHandler.php
===================================================================
--- trunk/model/MailboxHandler.php	2011-10-29 22:16:16 UTC (rev 1246)
+++ trunk/model/MailboxHandler.php	2011-10-29 22:29:16 UTC (rev 1247)
@@ -248,7 +248,7 @@
 #TODO: true/false replacement!
         $error = 0;
 
-        $result = db_query("SELECT * FROM $table_alias WHERE address = '$E_username' AND domain = '$domain'");
+        $result = db_query("SELECT * FROM $table_alias WHERE address = '$E_username' AND domain = '$E_domain'");
         if($result['rows'] == 1) {
             $result = db_delete('alias', 'address', $username);
             db_log ($domain, 'delete_alias', $username);
@@ -258,7 +258,7 @@
         }
 
         /* is there a mailbox? if do delete it from orbit; it's the only way to be sure */
-        $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$E_username' AND domain='$domain'");
+        $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$E_username' AND domain='$E_domain'");
         if ($result['rows'] == 1) {
             $result = db_delete('mailbox', 'username', $username);
             $postdel_res=mailbox_postdeletion($username,$domain);
@@ -287,7 +287,7 @@
             $this->errormsg[] = "no mailbox $username"; # TODO: better message, make translatable
             $error = 1;
         }
-        $result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username' AND domain = '$domain'");
+        $result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username' AND domain = '$E_domain'");
         if($result['rows'] == 1) {
             db_delete('vacation', 'email', $username);
             db_delete('vacation_notification', 'on_vacation', $username); # TODO: delete vacation_notification independent of vacation? (in case of "forgotten" vacation_notification entries)

This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.