
[Web] Escape mailbox name before querying aliases

FreddleSpl0it 7 месяцев назад
Родитель
Сommit
abd789f629
2 измененных файлов с 4 добавлено и 4 удалено
  1. 2 2
      data/web/inc/functions.inc.php
  2. 2 2
      data/web/inc/functions.mailbox.inc.php

+ 2 - 2
data/web/inc/functions.inc.php

@@ -1174,7 +1174,7 @@ function user_get_alias_details($username) {
     AND `goto` != :username_goto2
     AND `address` != :username_address");
   $stmt->execute(array(
-    ':username_goto' => '(^|,)'.$username.'($|,)',
+    ':username_goto' => '(^|,)'.preg_quote($username, '/').'($|,)',
     ':username_goto2' => $username,
     ':username_address' => $username
     ));
@@ -1222,7 +1222,7 @@ function user_get_alias_details($username) {
     $data['aliases_send_as_all'] = $row['send_as'];
   }
   $stmt = $pdo->prepare("SELECT IFNULL(GROUP_CONCAT(`address` SEPARATOR ', '), '') as `address` FROM `alias` WHERE `goto` REGEXP :username AND `address` LIKE '@%';");
-  $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)'));
+  $stmt->execute(array(':username' => '(^|,)'.preg_quote($username, '/').'($|,)'));
   $run = $stmt->fetchAll(PDO::FETCH_ASSOC);
   while ($row = array_shift($run)) {
     $data['is_catch_all'] = $row['address'];
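Review bot: `preg_quote($username, '/')` at both REGEXP bindings in user_get_alias_details() escapes for PHP's PCRE syntax, but the pattern is evaluated by the database's REGEXP engine, so the escaping is only right where the two dialects agree, and the `'/'` delimiter argument has no meaning in SQL. The same construction is used in both hunks of data/web/inc/functions.mailbox.inc.php. Because the `(^|,)` and `($|,)` anchors suggest `goto` is a comma-separated list, an exact-match lookup such as ``WHERE FIND_IN_SET(:username, `goto`)`` would avoid regex escaping altogether, assuming entries carry no surrounding whitespace. If REGEXP stays, add a comment next to the binding, e.g. `// preg_quote() escapes PCRE metacharacters; confirm the server's REGEXP engine treats these escapes as literals`. The function body starts and ends outside both hunks.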

+ 2 - 2
data/web/inc/functions.mailbox.inc.php

@@ -3768,7 +3768,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
           $data['external_sender_aliases']                = array();
           // Fixed addresses
           $stmt = $pdo->prepare("SELECT `address` FROM `alias` WHERE `goto` REGEXP :goto AND `address` NOT LIKE '@%'");
-          $stmt->execute(array(':goto' => '(^|,)'.$_data.'($|,)'));
+          $stmt->execute(array(':goto' => '(^|,)'.preg_quote($_data, '/').'($|,)'));
           $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
           while ($row = array_shift($rows)) {
             $data['fixed_sender_aliases'][] = $row['address'];
@@ -5534,7 +5534,7 @@ function mailbox($_action, $_type, $_data = null, $_extra = null) {
             ));
             $stmt = $pdo->prepare("SELECT `address`, `goto` FROM `alias`
                 WHERE `goto` REGEXP :username");
-            $stmt->execute(array(':username' => '(^|,)'.$username.'($|,)'));
+            $stmt->execute(array(':username' => '(^|,)'.preg_quote($username, '/').'($|,)'));
             $GotoData = $stmt->fetchAll(PDO::FETCH_ASSOC);
             foreach ($GotoData as $gotos) {
               $goto_exploded = explode(',', $gotos['goto']);
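Review bot: In the first hunk of mailbox(), `$_data` is passed to `preg_quote()` with no type check visible, and the signature defaults it to `null`. If this branch can be reached with a null or array value, PHP 8 raises a deprecation or a TypeError, and an empty string produces the pattern `(^|,)($|,)`, which matches empty list entries rather than a mailbox. Validation may happen above the hunk, outside what is shown here, so confirm it or add a guard such as `if (!is_string($_data) || $_data === '') { return false; }` (using whatever failure value this branch normally returns). The expression `'(^|,)'.preg_quote(..., '/').'($|,)'` is now repeated in four places across the two files, and a small shared helper would keep the escaping consistent.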