On 6/10/07, till <[EMAIL PROTECTED]> wrote:
Hi,

On 6/9/07, Nicolas Rachinsky <[EMAIL PROTECTED]> wrote:
> Hallo,
>
> program/include/main.inc, line 608:
> ($sql_result = $DB->query(preg_replace('/%u/', $user, $CONFIG['virtuser_query']))) &&
>
> Shouldn't the username be quoted correctly before being inserted into the
> database query?

Looks a bit weird - let me have a look.

It looks like it uses the query you can provide in the config file, but it does not escape the user at all. Also, I am not sure if a simple str_replace() would be faster there. I could be wrong though - or overlooking something obvious. If you want to provide a patch - feel free to open a ticket (trac.roundcube.net) and attach it.

Till
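The pattern under discussion, as an added example that is not part of the thread or of Roundcube's code: the raw `%u` substitution next to a variant that binds the username as a query parameter. It uses PDO over an in-memory SQLite table of constructed data, and assumes a stand-in for `$CONFIG['virtuser_query']` that, in the hardened form, writes the `%u` marker unquoted so it can be turned into a placeholder.

```php
<?php
// Added example, not Roundcube's code. Reproduces the pattern quoted from
// program/include/main.inc (raw username substituted into a configurable
// query template) next to a hardened variant that binds the username as a
// query parameter. PDO with an in-memory SQLite table of constructed data.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE virtuser (username TEXT, email TEXT)");
$pdo->exec("INSERT INTO virtuser VALUES ('alice', 'alice@example.org'),
                                        ('bob', 'bob@example.org')");

// Vulnerable: mirrors the main.inc line. The template (a constructed stand-in
// for $CONFIG['virtuser_query']) quotes %u itself, and the value is pasted in
// unchanged, so any quote characters in $user become part of the SQL text.
function lookup_vulnerable(PDO $pdo, string $user): array {
    $template = "SELECT email FROM virtuser WHERE username = '%u'";
    $sql = preg_replace('/%u/', $user, $template);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: the template writes %u unquoted; the marker is rewritten to a
// positional placeholder and the username travels as a bound parameter, so
// it can never change the structure of the statement. str_replace() is enough
// here, as the thread suggests, because the marker is a fixed literal.
function lookup_hardened(PDO $pdo, string $user): array {
    $template = "SELECT email FROM virtuser WHERE username = %u";
    $sql = str_replace('%u', '?', $template);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([$user]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// A legitimate login and a username containing quote characters: the
// vulnerable path lets the second one widen the WHERE clause to every row,
// the hardened path matches it literally against the column and finds nothing.
$inputs = ['alice', "' OR '1'='1"];
foreach ($inputs as $user) {
    printf("vulnerable %-14s => %s\n", json_encode($user),
           json_encode(lookup_vulnerable($pdo, $user)));
    printf("hardened   %-14s => %s\n", json_encode($user),
           json_encode(lookup_hardened($pdo, $user)));
}
```

Detection-wise, the same idea applies to any other `%`-marker a config template exposes: treat every marker as a bound parameter, not as text to be spliced into the query.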
