From 11f2b6ba3ef9009deb73816743b6f439cd7c3b36 Mon Sep 17 00:00:00 2001
From: stekkel
Date: Tue, 27 Apr 2004 19:20:18 +0000
Subject: [PATCH] SQL injection fix. This is serious I think.

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@7293 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 functions/abook_database.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/functions/abook_database.php b/functions/abook_database.php
index 532ef988..5fdd0d60 100644
--- a/functions/abook_database.php
+++ b/functions/abook_database.php
@@ -174,7 +174,7 @@ class abook_database extends addressbook_backend {
 }
 $query = sprintf("SELECT * FROM %s WHERE owner='%s' AND nickname='%s'",
- $this->table, $this->owner, $alias);
+ $this->table, $this->owner, $this->dbh->quoteString($alias));
 $res = $this->dbh->query($query);
-- 
2.25.1
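Review bot: `$this->owner` is still interpolated into the same `owner='%s'` literal without escaping; only `$alias` gets `quoteString()` on the changed line. Where the owner value comes from is not visible here, but if it derives from the login name it is as untrusted as the alias, so the argument list should read `$this->table, $this->dbh->quoteString($this->owner), $this->dbh->quoteString($alias));`. The enclosing method starts and ends outside the hunk, so any other statements in this file that build SQL with `sprintf` and raw values would need the same treatment and are worth auditing in the same pass. A short comment above the query such as `// every value placed inside quotes must pass through quoteString()` would keep later edits from reintroducing the gap.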