email-Modul auf prepared-statements umgestellt (c797217) - webinterface.git

email-Modul auf prepared-statements umgestellt

Bernd Wurst commited on 2014-02-02 08:03:52
Zeige 3 geänderte Dateien mit 45 Einfügungen und 39 Löschungen.

modules/email/include/hasaccount.php cb47ba0..7a33624
modules/email/include/hasdomain.php 22769ae..2642f2a
modules/email/include/mailaccounts.php e264d8c..8659690

@@ -19,7 +19,7 @@ require_once('inc/base.php');
 function user_has_accounts()
 {
   $uid = (int) $_SESSION['userinfo']['uid'];
-  $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
+  $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=?", array($uid));
   DEBUG($result->rowCount()." accounts");
   return ($result->rowCount() > 0);
 }
@@ -33,7 +33,7 @@ if (! function_exists("user_has_vmail_domain"))
                 return false;
         }
         $uid = (int) $_SESSION['userinfo']['uid'];
-        $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
+        $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
         $row = $result->fetch();
         $count = $row[0];
         DEBUG("User has {$count} vmail-domains");

modules/email/include/hasdomain.php

Zeige Datei @ c797217

@@ -23,7 +23,7 @@ if (! function_exists("user_has_vmail_domain"))
 		return false;
 	}
 	$uid = (int) $_SESSION['userinfo']['uid'];
-	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
+	$result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
 	$row = $result->fetch();
 	$count = $row[0];
 	DEBUG("User has {$count} vmail-domains");
@@ -40,8 +40,8 @@ if (! function_exists("user_has_dotcourier_domain"))
 		return false;
 	}
 	$uid = (int) $_SESSION['userinfo']['uid'];
-	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ". 
-            "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
+	$result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user=:uid or c.uid=:uid}UNION ". 
+            "SELECT 1 FROM mail.v_domains AS d WHERE d.user=:uid AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains)", array(":uid" => $uid));
   $ret = ($result->rowCount() > 0);
   if ($ret)
     DEBUG("User {$uid} has dotcourier-domains");

modules/email/include/mailaccounts.php

Zeige Datei @ c797217

@@ -25,7 +25,7 @@ require_once('common.php');
 function mailaccounts($uid)
 {
   $uid = (int) $uid;
-  $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
+  $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=:uid ORDER BY if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`), local", array(":masterdomain" => config("masterdomain"), ":uid" => $uid));
   DEBUG("Found ".@$result->rowCount()." rows!");
   $accounts = array();
   if (@$result->rowCount() > 0)
@@ -38,7 +38,7 @@ function get_mailaccount($id)
 {
   $id = (int) $id;
   $uid = (int) $_SESSION['userinfo']['uid'];
-  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
+  $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=:mid AND m.uid=:uid", array(":masterdomain" => config("masterdomain"), ":uid" => $uid, ":mid" => $id));
   DEBUG("Found ".$result->rowCount()." rows!");
   if ($result->rowCount() != 1)
     system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
@@ -52,45 +52,50 @@ function change_mailaccount($id, $arr)
 {
   $id = (int) $id;
   $uid = (int) $_SESSION['userinfo']['uid'];
-  $conditions = array();
+  $conditions = array("local=:local", "domain=:domain");
+  $values = array(":id" => $id, ":uid" => $uid);
 
   if (isset($arr['account']))
   {
     list($local, $domain) = explode('@', $arr['account'], 2);
     if ($domain == config('masterdomain'))
     {
-      $values['domain'] = "NULL";
+      $values[':domain'] = NULL;
     }
     else
     {
       $domain = new Domain( (string) $domain);
-      if ($domain->id == NULL)
-        array_push($conditions, "domain=NULL");
-      else
-      {
+      if ($domain->id == NULL) {
+        $values[":domain"] = NULL;
+      } else {
         $domain->ensure_userdomain();
-        array_push($conditions, "domain={$domain->id}");
+        $values[":domain"] = $domain->id;
       }
     }
-    array_push($conditions, "local='".db_escape_string($local)."'");
+    $values[":local"] = $local;
   }
-  if (isset($arr['mailbox']))
+  if (isset($arr['mailbox'])) {
+    array_push($conditions, "`maildir`=:maildir");
     if ($arr['mailbox'] == '')
-      array_push($conditions, "`maildir`=NULL");
+      $values[":mailbox"] = NULL;
     else
-      array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'");
+      $values[":mailbox"] = $arr['mailbox'];
+  }
 
   if (isset($arr['password']))
   {
     $encpw = encrypt_mail_password($arr['password']);
-    array_push($conditions, "`password`='$encpw'");
+    array_push($conditions, "`password`=:password");
+    $values[":password"] = $encpw;
   }
 
-  if (isset($arr['enabled']))
-    array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
+  if (isset($arr['enabled'])) {
+    array_push($conditions, "`aktiv`=:aktiv");
+    $values[":aktiv"] = ($arr['enabled'] == 'Y' ? 1 : 0);
+  }
 
 
-  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
+  db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id=:id AND uid=:uid", $values);
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
 
 }
@@ -102,43 +107,44 @@ function create_mailaccount($arr)
   if (($arr['account']) == '')
     system_failure('empty account name!');
 
-  $values['uid'] = (int) $_SESSION['userinfo']['uid'];
+  $values[':uid'] = (int) $_SESSION['userinfo']['uid'];
 
   list($local, $domain) = explode('@', $arr['account'], 2);
   if ($domain == config('masterdomain'))
   {
-    $values['domain'] = "NULL";
+    $values[':domain'] = NULL;
   }
   else
   {
     $domain = new Domain( (string) $domain);
     if ($domain->id == NULL)
-      $values['domain'] = "NULL";
+      $values[':domain'] = NULL;
     else {
       $domain->ensure_userdomain();
-      $values['domain'] = $domain->id;
+      $values[':domain'] = $domain->id;
     }
   }
 
-  $values['local'] = "'".db_escape_string($local)."'";
+  $values[':local'] = $local;
 
   if (isset($arr['mailbox']))
     if ($arr['mailbox'] == '')
-      $values['maildir'] = 'NULL';
+      $values[':maildir'] = NULL;
     else
-      $values['maildir']= "'".db_escape_string($arr['mailbox'])."'";
+      $values[':maildir']= $arr['mailbox'];
 
 
   if (isset($arr['password']))
   {
-    $values['password'] = "'".encrypt_mail_password($arr['password'])."'";
+    $values[':password'] = encrypt_mail_password($arr['password']);
   }
 
   if (isset($arr['enabled']))
-    $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
+    $values[':aktiv'] = ($arr['enabled'] == 'Y' ? 1 : 0 );
 
 
-  db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
+  $fields = array_map( function ($k) { return substr($k, 1);}, array_keys($values));
+  db_query("INSERT INTO mail.mailaccounts (".implode(',', $fields).") VALUES (".implode(",", array_keys($values)).")", $values);
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«");
 
 }
@@ -148,10 +154,10 @@ function get_mailaccount_id($accountname)
 {
   list($local, $domain) = explode('@', $accountname, 2);
 
-  $local = db_escape_string($local);
-  $domain = db_escape_string($domain);
+  $args = array(":local" => $local,
+                ":domain" => $domain);
 
-  $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
+  $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local=:local AND dom.domainname=:domain", $args);
   if ($result->rowCount() != 1)
     system_failure('account nicht eindeutig');
   $acc = $result->fetch();
@@ -162,7 +168,7 @@ function get_mailaccount_id($accountname)
 function delete_mailaccount($id)
 {
   $id = (int) $id;
-  db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
+  db_query("DELETE FROM mail.mailaccounts WHERE id=?", array($id));
   logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«");
 }
 
@@ -212,7 +218,7 @@ function check_valid($acc)
 function imap_on_vmail_domain()
 {
   $uid = (int) $_SESSION['userinfo']['uid'];
-  $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
+  $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid=?", array($uid));
   if ($result->rowCount() > 0)
     return true;
   return false;
@@ -221,11 +227,11 @@ function imap_on_vmail_domain()
 function user_has_only_vmail_domains()
 {
   $uid = (int) $_SESSION['userinfo']['uid'];
-  $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
+  $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
   // User hat keine VMail-Domains
   if ($result->rowCount() == 0)
     return false;
-  $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
+  $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user=?", array($uid));
   // User hat keine Domains die nicht vmail-Domains sind
   if ($result->rowCount() == 0)
     return true;


...	...	@@ -25,7 +25,7 @@ require_once('common.php');
25	25	function mailaccounts($uid)
26	26	{
27	27	$uid = (int) $uid;
28		- $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid ORDER BY if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`), local");
	28	+ $result = db_query("SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=:uid ORDER BY if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`), local", array(":masterdomain" => config("masterdomain"), ":uid" => $uid));
29	29	DEBUG("Found ".@$result->rowCount()." rows!");
30	30	$accounts = array();
31	31	if (@$result->rowCount() > 0)
...	...	@@ -38,7 +38,7 @@ function get_mailaccount($id)
38	38	{
39	39	$id = (int) $id;
40	40	$uid = (int) $_SESSION['userinfo']['uid'];
41		- $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),'".config('masterdomain')."',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id AND m.uid={$uid}");
	41	+ $result = db_query("SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),:masterdomain,`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=:mid AND m.uid=:uid", array(":masterdomain" => config("masterdomain"), ":uid" => $uid, ":mid" => $id));
42	42	DEBUG("Found ".$result->rowCount()." rows!");
43	43	if ($result->rowCount() != 1)
44	44	system_failure('Dieser Mailaccount existiert nicht oder gehört Ihnen nicht');
...	...	@@ -52,45 +52,50 @@ function change_mailaccount($id, $arr)
52	52	{
53	53	$id = (int) $id;
54	54	$uid = (int) $_SESSION['userinfo']['uid'];
55		- $conditions = array();
	55	+ $conditions = array("local=:local", "domain=:domain");
	56	+ $values = array(":id" => $id, ":uid" => $uid);
56	57
57	58	if (isset($arr['account']))
58	59	{
59	60	list($local, $domain) = explode('@', $arr['account'], 2);
60	61	if ($domain == config('masterdomain'))
61	62	{
62		- $values['domain'] = "NULL";
	63	+ $values[':domain'] = NULL;
63	64	}
64	65	else
65	66	{
66	67	$domain = new Domain( (string) $domain);
67		- if ($domain->id == NULL)
68		- array_push($conditions, "domain=NULL");
69		- else
70		- {
	68	+ if ($domain->id == NULL) {
	69	+ $values[":domain"] = NULL;
	70	+ } else {
71	71	$domain->ensure_userdomain();
72		- array_push($conditions, "domain={$domain->id}");
	72	+ $values[":domain"] = $domain->id;
73	73	}
74	74	}
75		- array_push($conditions, "local='".db_escape_string($local)."'");
	75	+ $values[":local"] = $local;
76	76	}
77		- if (isset($arr['mailbox']))
	77	+ if (isset($arr['mailbox'])) {
	78	+ array_push($conditions, "`maildir`=:maildir");
78	79	if ($arr['mailbox'] == '')
79		- array_push($conditions, "`maildir`=NULL");
	80	+ $values[":mailbox"] = NULL;
80	81	else
81		- array_push($conditions, "`maildir`='".db_escape_string($arr['mailbox'])."'");
	82	+ $values[":mailbox"] = $arr['mailbox'];
	83	+ }
82	84
83	85	if (isset($arr['password']))
84	86	{
85	87	$encpw = encrypt_mail_password($arr['password']);
86		- array_push($conditions, "`password`='$encpw'");
	88	+ array_push($conditions, "`password`=:password");
	89	+ $values[":password"] = $encpw;
87	90	}
88	91
89		- if (isset($arr['enabled']))
90		- array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
	92	+ if (isset($arr['enabled'])) {
	93	+ array_push($conditions, "`aktiv`=:aktiv");
	94	+ $values[":aktiv"] = ($arr['enabled'] == 'Y' ? 1 : 0);
	95	+ }
91	96
92	97
93		- db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' AND uid={$uid}");
	98	+ db_query("UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id=:id AND uid=:uid", $values);
94	99	logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "updated account »{$arr['account']}«");
95	100
96	101	}
...	...	@@ -102,43 +107,44 @@ function create_mailaccount($arr)
102	107	if (($arr['account']) == '')
103	108	system_failure('empty account name!');
104	109
105		- $values['uid'] = (int) $_SESSION['userinfo']['uid'];
	110	+ $values[':uid'] = (int) $_SESSION['userinfo']['uid'];
106	111
107	112	list($local, $domain) = explode('@', $arr['account'], 2);
108	113	if ($domain == config('masterdomain'))
109	114	{
110		- $values['domain'] = "NULL";
	115	+ $values[':domain'] = NULL;
111	116	}
112	117	else
113	118	{
114	119	$domain = new Domain( (string) $domain);
115	120	if ($domain->id == NULL)
116		- $values['domain'] = "NULL";
	121	+ $values[':domain'] = NULL;
117	122	else {
118	123	$domain->ensure_userdomain();
119		- $values['domain'] = $domain->id;
	124	+ $values[':domain'] = $domain->id;
120	125	}
121	126	}
122	127
123		- $values['local'] = "'".db_escape_string($local)."'";
	128	+ $values[':local'] = $local;
124	129
125	130	if (isset($arr['mailbox']))
126	131	if ($arr['mailbox'] == '')
127		- $values['maildir'] = 'NULL';
	132	+ $values[':maildir'] = NULL;
128	133	else
129		- $values['maildir']= "'".db_escape_string($arr['mailbox'])."'";
	134	+ $values[':maildir']= $arr['mailbox'];
130	135
131	136
132	137	if (isset($arr['password']))
133	138	{
134		- $values['password'] = "'".encrypt_mail_password($arr['password'])."'";
	139	+ $values[':password'] = encrypt_mail_password($arr['password']);
135	140	}
136	141
137	142	if (isset($arr['enabled']))
138		- $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
	143	+ $values[':aktiv'] = ($arr['enabled'] == 'Y' ? 1 : 0 );
139	144
140	145
141		- db_query("INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")");
	146	+ $fields = array_map( function ($k) { return substr($k, 1);}, array_keys($values));
	147	+ db_query("INSERT INTO mail.mailaccounts (".implode(',', $fields).") VALUES (".implode(",", array_keys($values)).")", $values);
142	148	logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "created account »{$arr['account']}«");
143	149
144	150	}
...	...	@@ -148,10 +154,10 @@ function get_mailaccount_id($accountname)
148	154	{
149	155	list($local, $domain) = explode('@', $accountname, 2);
150	156
151		- $local = db_escape_string($local);
152		- $domain = db_escape_string($domain);
	157	+ $args = array(":local" => $local,
	158	+ ":domain" => $domain);
153	159
154		- $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local='{$local}' AND dom.domainname='{$domain}'");
	160	+ $result = db_query("SELECT acc.id FROM mail.mailaccounts AS acc LEFT JOIN mail.v_domains AS dom ON (dom.id=acc.domain) WHERE local=:local AND dom.domainname=:domain", $args);
155	161	if ($result->rowCount() != 1)
156	162	system_failure('account nicht eindeutig');
157	163	$acc = $result->fetch();
...	...	@@ -162,7 +168,7 @@ function get_mailaccount_id($accountname)
162	168	function delete_mailaccount($id)
163	169	{
164	170	$id = (int) $id;
165		- db_query("DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1");
	171	+ db_query("DELETE FROM mail.mailaccounts WHERE id=?", array($id));
166	172	logger(LOG_INFO, "modules/imap/include/mailaccounts", "imap", "deleted account »{$id}«");
167	173	}
168	174
...	...	@@ -212,7 +218,7 @@ function check_valid($acc)
212	218	function imap_on_vmail_domain()
213	219	{
214	220	$uid = (int) $_SESSION['userinfo']['uid'];
215		- $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid={$uid}");
	221	+ $result = db_query("SELECT m.id FROM mail.mailaccounts AS m INNER JOIN mail.virtual_mail_domains AS vd USING (domain) WHERE m.uid=?", array($uid));
216	222	if ($result->rowCount() > 0)
217	223	return true;
218	224	return false;
...	...	@@ -221,11 +227,11 @@ function imap_on_vmail_domain()
221	227	function user_has_only_vmail_domains()
222	228	{
223	229	$uid = (int) $_SESSION['userinfo']['uid'];
224		- $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount={$uid}");
	230	+ $result = db_query("SELECT id FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
225	231	// User hat keine VMail-Domains
226	232	if ($result->rowCount() == 0)
227	233	return false;
228		- $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user={$uid}");
	234	+ $result = db_query("SELECT d.id FROM mail.v_domains AS d LEFT JOIN mail.v_vmail_domains AS vd USING (domainname) WHERE vd.id IS NULL AND d.user=?", array($uid));
229	235	// User hat keine Domains die nicht vmail-Domains sind
230	236	if ($result->rowCount() == 0)
231	237	return true;
232	238

...	...	@@ -19,7 +19,7 @@ require_once('inc/base.php');
19	19	function user_has_accounts()
20	20	{
21	21	$uid = (int) $_SESSION['userinfo']['uid'];
22		- $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=$uid");
	22	+ $result = db_query("SELECT id from `mail`.`mailaccounts` WHERE uid=?", array($uid));
23	23	DEBUG($result->rowCount()." accounts");
24	24	return ($result->rowCount() > 0);
25	25	}
...	...	@@ -33,7 +33,7 @@ if (! function_exists("user_has_vmail_domain"))
33	33	return false;
34	34	}
35	35	$uid = (int) $_SESSION['userinfo']['uid'];
36		- $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
	36	+ $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
37	37	$row = $result->fetch();
38	38	$count = $row[0];
39	39	DEBUG("User has {$count} vmail-domains");

...	...	@@ -23,7 +23,7 @@ if (! function_exists("user_has_vmail_domain"))
23	23	return false;
24	24	}
25	25	$uid = (int) $_SESSION['userinfo']['uid'];
26		- $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount='{$uid}'");
	26	+ $result = db_query("SELECT COUNT(*) FROM mail.v_vmail_domains WHERE useraccount=?", array($uid));
27	27	$row = $result->fetch();
28	28	$count = $row[0];
29	29	DEBUG("User has {$count} vmail-domains");
...	...	@@ -40,8 +40,8 @@ if (! function_exists("user_has_dotcourier_domain"))
40	40	return false;
41	41	}
42	42	$uid = (int) $_SESSION['userinfo']['uid'];
43		- $result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user={$uid} or c.uid={$uid} UNION ".
44		- "SELECT 1 FROM mail.v_domains AS d WHERE d.user={$uid} AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains);");
	43	+ $result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user=:uid or c.uid=:uid}UNION ".
	44	+ "SELECT 1 FROM mail.v_domains AS d WHERE d.user=:uid AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains)", array(":uid" => $uid));
45	45	$ret = ($result->rowCount() > 0);
46	46	if ($ret)
47	47	DEBUG("User {$uid} has dotcourier-domains");