On 6/10/07, till klimpong@gmail.com wrote:
Hi,
On 6/9/07, Nicolas Rachinsky nicolas-2007@rachinsky.de wrote:
Hello,
program/include/main.inc, line 608: ($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
Shouldn't the username be quoted correctly before being inserted into the database query?
Looks a bit weird - let me have a look.
It looks like it uses the query you can provide in the config file, but it does not escape the user at all. Also, I am not sure if a simple str_replace() would be faster there. I could be wrong though - or overlooking something obvious.
If you want to provide a patch - feel free to open a ticket (trac.roundcube.net) and attach it.
Till
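As an added example (not Roundcube's code and not from either poster), the substitution pattern discussed above in plain PHP with PDO over an in-memory SQLite table: the config query with its %u token, the table and its rows are all constructed here, and the unescaped preg_replace() lookup is shown beside a version that binds the username as a parameter instead.

```php
<?php
// Constructed stand-in for the virtuser table; not Roundcube's schema.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE virtuser (alias TEXT, email TEXT)");
$pdo->exec("INSERT INTO virtuser VALUES ('o''brien', 'obrien@example.org')");

// Hypothetical config value in the style of $CONFIG['virtuser_query'].
$virtuser_query = "SELECT email FROM virtuser WHERE alias = '%u'";

// Pattern as quoted from main.inc: the username is spliced into the SQL
// text unescaped, so any quote in it changes the structure of the query.
// preg_replace() additionally interprets \1 or $1 sequences in $user as
// backreferences, which is one reason str_replace() would be the saner call.
function lookup_unescaped(PDO $pdo, string $query, string $user): ?string
{
    $sql = preg_replace('/%u/', $user, $query);
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row['email'] ?? null;
}

// Hardened form: rewrite the %u token (and the quotes the config wrapped
// around it) into a bound parameter. The username never becomes part of
// the SQL text, so the driver handles quoting and no escaping is needed.
function lookup_bound(PDO $pdo, string $query, string $user): ?string
{
    $sql = preg_replace("/'?%u'?/", '?', $query);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$user]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row['email'] ?? null;
}

// A legitimate login name containing a single quote is enough to break
// the unescaped query; the bound version resolves it correctly.
$user = "o'brien";

try {
    echo lookup_unescaped($pdo, $virtuser_query, $user), PHP_EOL;
} catch (PDOException $e) {
    echo "unescaped lookup failed: ", $e->getMessage(), PHP_EOL;
}
echo lookup_bound($pdo, $virtuser_query, $user), PHP_EOL;
```

Requires the pdo_sqlite extension; with a %u token that the config does not wrap in quotes the same regex still yields a single bound placeholder.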