From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/mail/mail_aliasdomain_edit.php |   17 +++++++++--------
 1 files changed, 9 insertions(+), 8 deletions(-)

diff --git a/interface/web/mail/mail_aliasdomain_edit.php b/interface/web/mail/mail_aliasdomain_edit.php
index 0f2c684..918a5f3 100644
--- a/interface/web/mail/mail_aliasdomain_edit.php
+++ b/interface/web/mail/mail_aliasdomain_edit.php
@@ -97,11 +97,11 @@
 		global $app, $conf;
 
 		// Check if source Domain belongs to user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["source"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["source"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["source"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check if the destination domain belongs to the user
-		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
+		$domain = $app->db->queryOneRecord("SELECT server_id, domain FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
 		if($domain["domain"] != $app->functions->idn_encode($_POST["destination"])) $app->tform->errorMessage .= $app->tform->wordbook["no_domain_perm"];
 
 		// Check the client limits, if user is not the admin
@@ -115,12 +115,13 @@
 		} // end if user is not admin
 
 		if($this->dataRecord["source"] == $this->dataRecord["destination"]) $app->tform->errorMessage .= $app->tform->wordbook["source_destination_identical_txt"];
-
+		
+		/* TODO: check if this quoting is correkt! */
 		// compose the source and destination field
-		$this->dataRecord["source"] = "@".$app->db->quote($this->dataRecord["source"]);
-		$this->dataRecord["destination"] = "@".$app->db->quote($this->dataRecord["destination"]);
+		$this->dataRecord["source"] = "@".$this->dataRecord["source"];
+		$this->dataRecord["destination"] = "@".$this->dataRecord["destination"];
 		// Set the server id of the mailbox = server ID of mail domain.
-		$this->dataRecord["server_id"] = $domain["server_id"];
+		$this->dataRecord["server_id"] = $app->functions->intval($domain["server_id"]);
 
 		parent::onSubmit();
 	}
@@ -128,8 +129,8 @@
 	function onAfterInsert() {
 		global $app;
 
-		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = '".$app->db->quote($app->functions->idn_encode($_POST["destination"]))."' AND ".$app->tform->getAuthSQL('r'));
-		$app->db->query("update mail_forwarding SET sys_groupid = ".$domain['sys_groupid']." WHERE forwarding_id = ".$this->id);
+		$domain = $app->db->queryOneRecord("SELECT sys_groupid FROM mail_domain WHERE domain = ? AND ".$app->tform->getAuthSQL('r'), $app->functions->idn_encode($_POST["destination"]));
+		$app->db->query("update mail_forwarding SET sys_groupid = ? WHERE forwarding_id = ?", $domain['sys_groupid'], $this->id);
 
 	}
 

--
Gitblit v1.9.1