diff options
| author | Carson Fleming <[email protected]> | 2024-12-30 20:55:43 -0800 |
|---|---|---|
| committer | Carson Fleming <[email protected]> | 2024-12-30 20:55:43 -0800 |
| commit | a8067fb0ad3f1de956ef48b95a21afae1bc00a06 (patch) | |
| tree | da24bab2e0f7d91ba1098ef6a9fa54f61ebb6442 | |
| parent | 2290fe83f666c659344d6560acb91cab271f537b (diff) | |
| download | rc-inbox-settings-a8067fb0ad3f1de956ef48b95a21afae1bc00a06.tar.gz | |
I was right, it was sus
| -rw-r--r-- | config.inc.php.dist | 2 | ||||
| -rw-r--r-- | inbox_settings.php | 10 |
2 files changed, 7 insertions, 5 deletions
diff --git a/config.inc.php.dist b/config.inc.php.dist index 20fe0e6..2bbc70b 100644 --- a/config.inc.php.dist +++ b/config.inc.php.dist @@ -82,5 +82,5 @@ $config['inbox_settings_keys_query'] = 'SELECT id, fingerprint, comment FROM pgp // %d - the domain part of the username // (in case the username is an email address) // %k - the key IDs being deleted -$config['inbox_settings_delete_keys_query'] = 'DELETE FROM pgp_keys WHERE id IN (%k) AND username = %u'; +$config['inbox_settings_delete_keys_query'] = 'DELETE FROM pgp_keys WHERE id IN %k AND username = %u'; ?> diff --git a/inbox_settings.php b/inbox_settings.php index a0b36b5..5a7658b 100644 --- a/inbox_settings.php +++ b/inbox_settings.php @@ -180,7 +180,7 @@ class inbox_settings extends rcube_plugin { } function delete_selected_keys() { - run_query('delete_keys', $_POST['keys']); + $this->run_query('delete_keys', ['%k' => $_POST['keys']]); $this->rcmail->output->set_pagetitle($this->gettext('deleting_key')); $this->rcmail->output->send('plugin'); } @@ -271,9 +271,11 @@ class inbox_settings extends rcube_plugin { private static function quote_replacement($db, $value) { if (!is_array($value)) return $db->quote($value, 'text'); - return '(' . implode(', ', array_map(function ($inner) { - return self::quote_replacement($db, $inner); - }, $value)) . ')'; + $quoted = []; + foreach ($value as $item) { + $quoted[] = self::quote_replacement($db, $item); + } + return '(' . implode(', ', $quoted) . ')'; } private static function parse_dsn($dsn) { |