try to plug the hole in the custom sql plugin

rolfen 2018-10-20 12:35:57 +00:00
parent 95eb786a3f
commit b17e5dd11d


@ -146,7 +146,7 @@ class ChangePasswordCustomSqlDriver implements \RainLoop\Providers\ChangePasswor
$dsn = 'mysql:host='.$this->mHost.';dbname='.$this->mDatabase.';charset=utf8';
$options = array(
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_EMULATE_PREPARES => true,
PDO::ATTR_PERSISTENT => true,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
);
@ -160,15 +160,43 @@ class ChangePasswordCustomSqlDriver implements \RainLoop\Providers\ChangePasswor
$sEmailUser = \MailSo\Base\Utils::GetAccountNameFromEmail($sEmail);
$sEmailDomain = \MailSo\Base\Utils::GetDomainFromEmail($sEmail);
//simple check
// some variables cannot be prepared
/*
$this->mSql = str_replace(array(
':table'
), array(
$this->mTable
), $this->mSql);
*/
$old = array(':email', ':oldpass', ':newpass', ':domain', ':username', ':table' );
$new = array($sEmail, $sPrevPassword, $sNewPassword, $sEmailDomain, $sEmailUser, $this->mTable);
$placeholders = array(
':table' => $this->mTable,
':email' => $sEmail,
':oldpass' => $sPrevPassword,
':newpass' => $sNewPassword,
':domain' => $sEmailDomain,
':username' => $sEmailUser
);
$this->mSql = str_replace($old, $new, $this->mSql);
$statement = $conn->prepare($this->mSql);
$this->oLogger->Write($this->mSql);
$statement->bindValue(':table', 'accounts');
$statement->bindValue(':email', $sEmail);
$statement->bindValue(':oldpass', $sPrevPassword);
$statement->bindValue(':newpass', $sNewPassword);
$statement->bindValue(':domain', $sEmailDomain);
$statement->bindValue(':username', $sEmailUser);
$mSqlReturn = $statement->execute();
ob_start();
$statement->debugDumpParams();
$r = ob_get_contents();
ob_end_clean();
$this->oLogger->Write($r);
$update = $conn->prepare($this->mSql);
$mSqlReturn = $update->execute(array());
if ($mSqlReturn == true)
{
$bResult = true;