From 369ab3bf34c2f80fb1756ff97ecb517ef6ba51c2 Mon Sep 17 00:00:00 2001
From: Benjamin Sonntag
Date: Tue, 17 May 2016 18:44:21 +0200
Subject: [PATCH] [security] using prepared query for scripts too
---
 src/mail_add.php | 2 +-
 src/spoolsize.php | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/mail_add.php b/src/mail_add.php
index 47ff2b9f..b77a5af2 100644
--- a/src/mail_add.php
+++ b/src/mail_add.php
@@ -52,7 +52,7 @@ $recipients = array_slice($argv, 2); // rest is recipients
 // there's no function to do that, oddly enough...
 // there's one to extract the compte from the mail_id (!) but we
 // haven't created it yet...
-$db->query('SELECT id,compte FROM domaines WHERE domaine="'.addslashes($domain).'"');
+$db->query('SELECT id,compte FROM domaines WHERE domaine=?',array($domain));
 if ($db->next_record()) {
 $compte = $db->f('compte');
 $domain_id = $db->f('id');
diff --git a/src/spoolsize.php b/src/spoolsize.php
index c6084e28..948cd917 100644
--- a/src/spoolsize.php
+++ b/src/spoolsize.php
@@ -18,7 +18,7 @@ if ($db->query("SELECT uid,login FROM membres;")) {
 while ($db->next_record()) {
 if (isset($list_quota[$db->f('uid')])) {
 $qu=$list_quota[$db->f('uid')];
- $db2->query("INSERT OR REPLACE INTO size_web SET uid='".intval($db->f('uid'))."',size='".intval($qu['used'])."';");
+ $db2->query("INSERT OR REPLACE INTO size_web SET uid=?, size=?;",array(intval($db->f('uid')),intval($qu['used'])));
 echo $db->f('login')." (".$qu['used']." B)\n";
 }
 }
@@ -32,7 +32,7 @@ echo "\n---------------------------\n Generating size-cache for MySQL databases\
 $tab=$mysql->get_dbus_size($c["name"],$c["host"],$c["login"],$c["password"],$c["client"]);
 echo "++ Processing ".$c["name"]." ++\n";
 foreach ($tab as $dbname=>$size) {
- $db->query("REPLACE INTO size_db SET db='".$dbname."',size='$size';");
+ $db->query("REPLACE INTO size_db SET db=?,size=?;",array($dbname,$size));
 echo " $dbname done ($size B) \n"; flush();
 }
 echo "\n";
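Review bot: The return value of the new parameterised `$db->query(...)` in mail_add.php is never checked, so a statement that fails (placeholder mismatch, lost connection) is indistinguishable from "no such domain" once `$db->next_record()` runs; the spoolsize.php hunks in this same commit wrap their outer query in `if ($db->query(...))`, and the same guard fits here: `if (!$db->query('SELECT id,compte FROM domaines WHERE domaine=?',array($domain))) { exit(1); }` (using whatever error path the script already has). Given the hunk header's use of `$argv`, `$domain` is presumably a command-line argument, and binding it removes the injection that `addslashes()` only partly covered; a basic syntactic check on the domain before the lookup would still be cheap. The `if ($db->next_record())` block continues past the end of the hunk.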
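Review bot: The bound statement on the `+` line of the `@@ -18,7` hunk keeps the pre-existing dialect mix `INSERT OR REPLACE INTO size_web SET ...`: `INSERT OR REPLACE` is SQLite syntax while `INSERT ... SET` is MySQL-only, so one of the two engines rejects the statement, and because `$db2->query()`'s result is discarded the failure is silent and the web size cache is simply never written. If `$db2` is MySQL, `REPLACE INTO size_web SET uid=?, size=?` matches the two other statements this commit parameterises; if it is SQLite, `INSERT OR REPLACE INTO size_web (uid, size) VALUES (?, ?)` is the equivalent. Either way the call should be checked, e.g. `if (!$db2->query(...)) { echo "size_web update failed for uid ".$db->f('uid')."\n"; }`. The outer `if ($db->query(...))` opened in the hunk header closes outside the hunk.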
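Review bot: In the `@@ -32,7` hunk `$size` is bound raw on the `+` line, whereas the size_web statement earlier in this commit wraps both values in `intval()`; binding already removes the injection, but `intval($size)` keeps the numeric column write consistent and guards against `get_dbus_size()` returning something non-numeric (its contract is not visible here). The result of `$db->query()` is again not checked, so a failed write for one database still prints a misleading ` done ` line; `if (!$db->query("REPLACE INTO size_db SET db=?,size=?", array($dbname, intval($size)))) echo " $dbname FAILED\n";` would surface it. The loop that supplies `$c` begins before the hunk.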
@@ -52,7 +52,7 @@ if ($db->query("SELECT uid, name FROM mailman;")) {
 $size2=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"]));
 $size3=exec("sudo /usr/lib/alternc/du.pl ".escapeshellarg("/var/lib/mailman/archives/private/".$c["name"].".mbox"));
 $size=(intval($size1)+intval($size2)+intval($size3));
- $db->query("REPLACE INTO size_mailman SET uid='".$c["uid"]."',list='".$c["name"]."', size='$size';");
+ $db->query("REPLACE INTO size_mailman SET uid=?,list=?,size=?;",array($c["uid"],$c["name"],$size));
 echo " done ($size KB) \n"; flush();
 }
 }
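Review bot: With `list=?` now bound, the remaining unguarded use of `$c["name"]` in this hunk is as a path component under `/var/lib/mailman/archives/private/` handed to `sudo du.pl` on the two context lines above the change; `escapeshellarg()` neutralises shell metacharacters but not `..` segments, so a row in `mailman` carrying a crafted name (whether the insert path allows one is not visible here) would let the sudo'd script measure an arbitrary directory. A whitelist check before the paths are built, e.g. `if (!preg_match('/^[A-Za-z0-9._-]+$/', $c["name"])) continue;`, is cheap insurance, and the `$db->query()` result on the `+` line is not checked either. `$size1` and the enclosing `while`/`if` are set up before the hunk.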