1. Zhang Huangbin
  2. iredmail

Source

iredmail / iRedMail / patches / roundcubemail / password_driver_pgsql.patch

--- plugins/password/drivers/sql.php	2011-11-15 18:50:30.000000000 +0800
+++ plugins/password/drivers/sql.php	2012-01-21 16:23:31.000000000 +0800
@@ -52,7 +52,8 @@
     	    $salt .= $seedchars[rand(0, 63)];
         }
 
-        $sql = str_replace('%c',  $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
+        //$sql = str_replace('%c',  $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt)), $sql);
+        $sql = str_replace('%c', str_replace("'", "\'", $db->quote(crypt($passwd, CRYPT_MD5 ? '$1$'.$salt.'$' : $salt))), $sql);
     }
 
     // dovecotpw
@@ -150,7 +151,8 @@
     // at least we should always have the local part
     $sql = str_replace('%l', $db->quote($local_part, 'text'), $sql);
     $sql = str_replace('%d', $db->quote($domain_part, 'text'), $sql);
-    $sql = str_replace('%u', $db->quote($username, 'text'), $sql);
+    //$sql = str_replace('%u', $db->quote($username, 'text'), $sql);
+    $sql = str_replace('%u', str_replace("'", "\'", $db->quote($username, 'text')), $sql);
     $sql = str_replace('%h', $db->quote($host, 'text'), $sql);
 
     $res = $db->query($sql, $sql_vars);