Source

iredmail / iRedMail / patches / roundcubemail / password_driver_pgsql.patch

Full commit
Zhang Huangbin cc8b94d 



Zhang Huangbin 9d188a6 

Zhang Huangbin cc8b94d 


Zhang Huangbin 14b3d35 

Zhang Huangbin 9d188a6 
Zhang Huangbin cc8b94d 
Zhang Huangbin 9d188a6 






Zhang Huangbin 14b3d35 
Zhang Huangbin 9d188a6 
--- plugins/password/drivers/sql.php	2013-05-17 02:06:30.000000000 +0800
+++ plugins/password/drivers/sql.php	2013-06-13 21:41:41.000000000 +0800
@@ -80,7 +80,8 @@
                 $salt .= $seedchars[rand(0, 63)];
             }
 
-            $sql = str_replace('%c',  $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql);
+            //$sql = str_replace('%c',  $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt)), $sql);
+            $sql = str_replace('%c', str_replace("'", "\'", $db->quote(crypt($passwd, $salt_hashindicator ? $salt_hashindicator .$salt.'$' : $salt))), $sql);
         }
 
         // dovecotpw
@@ -177,7 +178,8 @@
         // at least we should always have the local part
         $sql = str_replace('%l', $db->quote($local_part, 'text'), $sql);
         $sql = str_replace('%d', $db->quote($domain_part, 'text'), $sql);
-        $sql = str_replace('%u', $db->quote($username, 'text'), $sql);
+        //$sql = str_replace('%u', $db->quote($username, 'text'), $sql);
+        $sql = str_replace('%u', str_replace("'", "\'", $db->quote($username, 'text')), $sql);
         $sql = str_replace('%h', $db->quote($host, 'text'), $sql);
 
         $res = $db->query($sql, $sql_vars);