Commits

Zhang Huangbin  committed 2269ad0

Fixed: Not quote email address and domain name in SQL command in plugin/sql_user_restrictions.py.
Thanks Petr Pytelka <pytelka _at_ lightcomp.cz> for the report.

  • Participants
  • Parent commits b9da313

Comments (0)

Files changed (2)

 iRedAPD-1.4.1:
     * Fixed:
-        + Not quote email address and domain name in SQL command in
-          plugins/sql_alias_access_policy.py.
+        + Not quote email address and domain name in SQL command in plugins
+          sql_alias_access_policy.py, sql_user_restrictions.py.
           Thanks Petr Pytelka <pytelka _at_ lightcomp.cz> for the report.
         + Check sender domain immediately instead of querying addition domain
           names: plugins/ldap_maillist_access_policy.py.

File plugins/sql_user_restrictions.py

             allowedrecipients, rejectedrecipients,
             allowedsenders, rejectedsenders
         FROM mailbox
-        WHERE username=%s
+        WHERE username='%s'
         LIMIT 1
     ''' % sender
     logging.debug('SQL to get restriction rules of sender (%s): %s' % (sender, sql))
                 allowedrecipients, rejectedrecipients,
                 allowedsenders, rejectedsenders
             FROM mailbox
-            WHERE username=%s
+            WHERE username='%s'
             LIMIT 1
         ''' % recipient
         logging.debug('SQL to get restriction rules of recipient (%s): %s' % (recipient, sql))