From e09e6888ed70b1c17d290df68742d47db89bb2b4 Mon Sep 17 00:00:00 2001
From: tbrehm <t.brehm@ispconfig.org>
Date: Sun, 08 Feb 2009 09:59:18 -0500
Subject: [PATCH] Fixed: client can create database through phpmyadmin
---
interface/web/mail/mail_get_edit.php | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/interface/web/mail/mail_get_edit.php b/interface/web/mail/mail_get_edit.php
index 4cc301c..ec9aeb9 100644
--- a/interface/web/mail/mail_get_edit.php
+++ b/interface/web/mail/mail_get_edit.php
@@ -92,7 +92,7 @@
} // end if user is not admin
// Set the server ID according to the selected destination
- $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".mysql_real_escape_string($this->dataRecord["destination"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT server_id FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
$this->dataRecord["server_id"] = $tmp["server_id"];
unset($tmp);
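Review bot: The `mail_user` lookup result is used without checking that a row was found, so a destination that matches no mailbox assigns an empty value to `$this->dataRecord["server_id"]`; guard it with something like `if(!is_array($tmp)) { /* report a form error and stop */ }` before the assignment. As far as this hunk shows, the query is also not limited to mailboxes the current client may use. If nothing earlier in the function (which starts outside the hunk) validates `destination`, a non-admin could reference another client's mailbox, so consider adding an ownership condition to the `WHERE` clause. The surrounding single quotes are kept, which assumes `$app->db->quote()` only escapes and does not add its own delimiters; that is worth confirming against the db class.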
@@ -102,7 +102,7 @@
function onAfterInsert() {
global $app;
- $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".mysql_real_escape_string($this->dataRecord["destination"])."'");
+ $tmp = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_user WHERE email = '".$app->db->quote($this->dataRecord["destination"])."'");
$app->db->query("update mail_get SET sys_groupid = ".$tmp['sys_groupid']." WHERE mailget_id = ".$this->id);
}
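Review bot: The `update mail_get` statement on the last line of `onAfterInsert()` still concatenates `$tmp['sys_groupid']` and `$this->id` into the SQL with no cast and no check that the lookup returned a row. When no `mail_user` row matches, the statement becomes `SET sys_groupid =  WHERE ...` and fails, presumably leaving the new record with whatever group it was inserted with. Suggested change: `if(is_array($tmp)) $app->db->query("update mail_get SET sys_groupid = ".intval($tmp['sys_groupid'])." WHERE mailget_id = ".intval($this->id));`. The copied group id appears to decide who owns the record, so the destination it is read from should already have been checked against the current client at this point.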
--
Gitblit v1.9.1