From ab573e44ba8ff8306ada0ef361b6963cdad58b67 Mon Sep 17 00:00:00 2001 From: Benjamin Sonntag Date: Mon, 26 Jun 2017 17:07:13 +0200 Subject: [PATCH] fixing Roundcube module not using PDO properly --- roundcube/class/m_roundcube.php | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/roundcube/class/m_roundcube.php b/roundcube/class/m_roundcube.php index 1475820e..c4f08010 100644 --- a/roundcube/class/m_roundcube.php +++ b/roundcube/class/m_roundcube.php @@ -97,19 +97,22 @@ class m_roundcube { break; } - $req = $dbh->query("SELECT user_id FROM users WHERE username = ?;",array($fullmail)); + $stmt = $dbh->prepare("SELECT user_id FROM users WHERE username = ?;"); + $req=$stmt->execute(array($fullmail)); + if ($req) { foreach ( $req->fetchAll() as $t ) { if (empty($t['user_id'])) continue ; $rcuser_id=$t['user_id']; - $dbh->query("DELETE from contactgroupmembers where contactgroup_id in (select contactgroup_id from contactgroups where user_id = ?) ; ",array($rcuser_id)); - $dbh->query("DELETE from contactgroups where user_id = ? ; ",array($rcuser_id)); - $dbh->query("DELETE from contacts where user_id = ? ; ",array($rcuser_id)); - $dbh->query("DELETE from identities where user_id = ? ; ",array($rcuser_id)); - $dbh->query("DELETE from users where user_id = ? ; ",array($rcuser_id)); + $dbh->prepare("DELETE from contactgroupmembers where contactgroup_id in (select contactgroup_id from contactgroups where user_id = ?) ; ")->execute(array($rcuser_id)); + $dbh->prepare("DELETE from contactgroups where user_id = ? ; ")->execute(array($rcuser_id)); + $dbh->prepare("DELETE from contacts where user_id = ? ; ")->execute(array($rcuser_id)); + $dbh->prepare("DELETE from identities where user_id = ? ; ")->execute(array($rcuser_id)); + $dbh->prepare("DELETE from users where user_id = ? ; ")->execute(array($rcuser_id)); } //foreach - + } + } } /* Class Roundcube */
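Review bot: After this change `$req` holds the boolean returned by `$stmt->execute()`, but the unchanged context line `foreach ( $req->fetchAll() as $t )` still calls `fetchAll()` on it, so a successful lookup ends in a fatal "member function on bool" error instead of running the cleanup. The loop should read from the statement, `foreach ( $stmt->fetchAll() as $t ) {`, keeping `if ($req)` only as the success guard. As written, none of the five DELETEs can execute, so the removed mailbox's Roundcube contacts, groups and identities stay in the database; since the lookup is by username, a mailbox later re-created with the same address would presumably inherit them. The return values of the chained `->execute()` calls are also discarded and the statements run outside a transaction, so a failure midway leaves a partly deleted user unnoticed; wrapping the loop body in `$dbh->beginTransaction()` / `$dbh->commit()` and checking each result would close that gap. The enclosing method starts above the hunk, so how `$dbh` is configured (for example its error mode) is not visible here.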