From: Michael Rasmussen
Date: Thu, 11 Jun 2015 17:27:56 +0000 (+0200)
Subject: Enhance security
X-Git-Url: http://git.datanom.net/qtadmin.git/commitdiff_plain/24c77b7b310aefcb3c1b1ce4d02099e6f0cbfe84

Enhance security
---
diff --git a/lib/db_implementation.php b/lib/db_implementation.php
index 4304328..0ef791a 100644
--- a/lib/db_implementation.php
+++ b/lib/db_implementation.php
@@ -9,6 +9,7 @@ abstract class DBImpl {
 abstract protected function getMarked($recipient = 'all');
 abstract protected function numRows();
 abstract protected function getMail($id);
+ abstract protected function getRecipient($id);
 abstract protected function setCharset($charset = 'utf8');
 abstract protected function update($sql);
 }
diff --git a/lib/db_mysqli.inc.php b/lib/db_mysqli.inc.php
index 584e843..9203f6d 100644
--- a/lib/db_mysqli.inc.php
+++ b/lib/db_mysqli.inc.php
@@ -146,6 +146,26 @@ class DBMysqli extends DBImpl {
 return $row;
 }
+ public function getRecipient($id) {
+ $recipient = false;
+
+ $query = "SELECT recipient.email as recipient FROM quarantine q LEFT JOIN msgrcpt ";
+ $query .= "ON msgrcpt.mail_id = q.mail_id LEFT JOIN msgs ON ";
+ $query .= "msgs.mail_id = q.mail_id LEFT JOIN maddr AS recipient ";
+ $query .= "ON msgrcpt.rid = recipient.id LEFT JOIN maddr AS sender ON ";
+ $query .= "msgs.sid = sender.id WHERE q.mail_id = '$id'";
+
+ if ($result = $this->con->query($query, MYSQLI_USE_RESULT)) {
+ $obj = $result->fetch_object();
+ if ($obj) {
+ $recipient = $obj->recipient;
+ }
+ $result->free();
+ }
+
+ return $recipient;
+ }
+
 }
 ?>
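Review bot: The new abstract `getRecipient($id)` carries no documented contract, and the one implementation in this commit returns either the first row of a join over `msgrcpt` or `false`. If a quarantined message can have several recipient rows, a caller that compares the return value with the current user sees only whichever row the database returns first, so it is worth deciding now whether the interface should return all recipients instead of one. At minimum add a docblock such as `/** @return string|false recipient address for mail $id, false if none found */`. The class body starts outside the hunk.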
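Review bot: `$id` is interpolated straight into the SQL text at `WHERE q.mail_id = '$id'`, so the new getRecipient() is injectable if the id ever comes from request data; the callers are not in this diff, so that needs confirming. Bind the value through a `?` placeholder as sketched below, assuming `$this->con` is a mysqli connection as the `MYSQLI_USE_RESULT` flag suggests. The joins to `msgs` and `maddr AS sender` appear unused by both the SELECT list and the WHERE clause and could probably be dropped. The `false` return does not distinguish "no such mail" from "query failed", so callers should treat both as a denial.

```php
public function getRecipient($id) {
    $recipient = false;

    // … unchanged: $query assembly, except the final line …
    $query .= "msgs.sid = sender.id WHERE q.mail_id = ?";

    // Bind the id as a parameter so it is never parsed as SQL.
    if ($stmt = $this->con->prepare($query)) {
        $stmt->bind_param('s', $id);
        if ($stmt->execute()) {
            $stmt->bind_result($email);
            if ($stmt->fetch()) {
                $recipient = $email;
            }
        }
        $stmt->close();
    }

    return $recipient;
}
```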