SF.net SVN: postfixadmin:[1247] trunk/model/MailboxHandler.php
Brought to you by:
christian_boltz,
gingerdog
From: <chr...@us...> - 2011-10-29 22:29:22
|
Revision: 1247 http://postfixadmin.svn.sourceforge.net/postfixadmin/?rev=1247&view=rev Author: christian_boltz Date: 2011-10-29 22:29:16 +0000 (Sat, 29 Oct 2011) Log Message: ----------- MailboxHandler.php: - delete(): use escaped $E_domain instead of $domain in some queries Modified Paths: -------------- trunk/model/MailboxHandler.php Modified: trunk/model/MailboxHandler.php =================================================================== --- trunk/model/MailboxHandler.php 2011-10-29 22:16:16 UTC (rev 1246) +++ trunk/model/MailboxHandler.php 2011-10-29 22:29:16 UTC (rev 1247) @@ -248,7 +248,7 @@ #TODO: true/false replacement! $error = 0; - $result = db_query("SELECT * FROM $table_alias WHERE address = '$E_username' AND domain = '$domain'"); + $result = db_query("SELECT * FROM $table_alias WHERE address = '$E_username' AND domain = '$E_domain'"); if($result['rows'] == 1) { $result = db_delete('alias', 'address', $username); db_log ($domain, 'delete_alias', $username); @@ -258,7 +258,7 @@ } /* is there a mailbox? if do delete it from orbit; it's the only way to be sure */ - $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$E_username' AND domain='$domain'"); + $result = db_query ("SELECT * FROM $table_mailbox WHERE username='$E_username' AND domain='$E_domain'"); if ($result['rows'] == 1) { $result = db_delete('mailbox', 'username', $username); $postdel_res=mailbox_postdeletion($username,$domain); @@ -287,7 +287,7 @@ $this->errormsg[] = "no mailbox $username"; # TODO: better message, make translatable $error = 1; } - $result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username' AND domain = '$domain'"); + $result = db_query("SELECT * FROM $table_vacation WHERE email = '$E_username' AND domain = '$E_domain'"); if($result['rows'] == 1) { db_delete('vacation', 'email', $username); db_delete('vacation_notification', 'on_vacation', $username); # TODO: delete vacation_notification independent of vacation? (in case of "forgotten" vacation_notification entries) This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |