functions.inc.php:
- gen_show_status(): escape mail addresses in query. Fixes https://sourceforge.net/p/postfixadmin/bugs/356/ (mostly - the edit/delete/... links in list-virtual are double-escaped) In theory this could allow SQL injection, in practice the mail address regex limits this issue to a DOS (creating a mail address with ' caused an invalid query that broke list-virtual) git-svn-id: https://svn.code.sf.net/p/postfixadmin/code/trunk@1809 a1433add-5e2c-0410-b055-b7f2511e0802
This commit is contained in:
parent
dd652974e0
commit
129a65b8c5
@ -1755,9 +1755,9 @@ function gen_show_status ($show_alias) {
list(/*NULL*/,$stat_domain) = explode('@',$g);
$stat_delimiter = "";
if (!empty($CONF['recipient_delimiter'])) {
$stat_delimiter = "OR address = '" . preg_replace($delimiter_regex, "@", $g) . "'";
$stat_delimiter = "OR address = '" . escape_string(preg_replace($delimiter_regex, "@", $g)) . "'";
}
$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '$g' OR address = '@$stat_domain' $stat_delimiter");
$stat_result = db_query ("SELECT address FROM $table_alias WHERE address = '" . escape_string($g) . "' OR address = '@" . escape_string($stat_domain) . "' $stat_delimiter");
if ($stat_result['rows'] == 0) {
$stat_ok = 0;
}
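Review bot: The rewritten db_query line still assembles SQL by string concatenation; escape_string() now covers `$g`, `$stat_domain` and the delimiter variant, but `$table_alias` is interpolated on the same line without any escaping, which is only safe if it is taken from configuration and never from request data (not visible in this hunk). A parameterised query would remove the dependency on every call site escaping correctly, if db_query supports placeholders; since that is not shown here, at minimum add a comment such as `// $g and $stat_domain are user-supplied addresses: must go through escape_string()` so the next editor does not drop one. The `$stat_delimiter` line also passes the result of preg_replace() straight into escape_string(); preg_replace() returns null on a PCRE error, which would quietly become an empty address in the OR clause. gen_show_status() starts and ends outside the hunk, so where `$stat_domain` is derived from `$g` without an '@' cannot be checked here.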