Commits

Zhang Huangbin committed b9da313

Fixed: Not quote email address and domain name in SQL command in
plugins/sql_alias_access_policy.py.
Thanks Petr Pytelka <pytelka _at_ lightcomp.cz> for the report.

  • Participants
  • Parent commits fe6d0df

Comments (0)

Files changed (2)

 iRedAPD-1.4.1:
     * Fixed:
+        + Not quote email address and domain name in SQL command in
+          plugins/sql_alias_access_policy.py.
+          Thanks Petr Pytelka <pytelka _at_ lightcomp.cz> for the report.
         + Check sender domain immediately instead of querying addition domain
           names: plugins/ldap_maillist_access_policy.py.
         + Incorrect LDAP attribute name in plugins/ldap_recipient_restrictions:

plugins/sql_alias_access_policy.py

     sql = '''SELECT accesspolicy, goto, moderators
             FROM alias
             WHERE
-                address=%s
+                address='%s'
                 AND address <> goto
-                AND domain=%s
+                AND domain='%s'
                 AND active=1
             LIMIT 1
     ''' % (recipient, recipient_domain)