Index: mod_sql.c =================================================================== RCS file: /cvsroot/proftp/proftpd/contrib/mod_sql.c,v retrieving revision 1.94 retrieving revision 1.96 diff -u -r1.94 -r1.96 --- contrib/mod_sql.c 3 Jul 2005 18:52:01 -0000 1.94 +++ contrib/mod_sql.c 4 Aug 2005 21:06:21 -0000 1.96 @@ -1413,7 +1413,7 @@ sql_data_t *sd = NULL; modret_t *mr = NULL; array_header *gids = NULL, *groups = NULL; - char *name = cmd->argv[0]; + char *name = cmd->argv[0], *username = NULL; int numrows = 0; register unsigned int i = 0; @@ -1447,11 +1447,17 @@ * WHERE members LIKE '%,<user>,%' OR LIKE '<user>,%' OR LIKE '%,<user>'; */ + mr = _sql_dispatch(_sql_make_cmd(cmd->tmp_pool, 2, "default", + pr_str_strip(cmd->tmp_pool, name)), "sql_escapestring"); + _sql_check_response(mr); + + username = (char *) mr->data; + grpwhere = pstrcat(cmd->tmp_pool, - cmap.grpmembersfield, " = '", name, "' OR ", - cmap.grpmembersfield, " LIKE '", name, ",%' OR ", - cmap.grpmembersfield, " LIKE '%,", name, "' OR ", - cmap.grpmembersfield, " LIKE '%,", name, ",%'", NULL); + cmap.grpmembersfield, " = '", username, "' OR ", + cmap.grpmembersfield, " LIKE '", username, ",%' OR ", + cmap.grpmembersfield, " LIKE '%,", username, "' OR ", + cmap.grpmembersfield, " LIKE '%,", username, ",%'", NULL); where = _sql_where(cmd->tmp_pool, 2, grpwhere, cmap.groupwhere); @@ -2179,7 +2185,7 @@ *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@ -2253,7 +2259,7 @@ *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@ -2343,7 +2349,7 @@ *outsp++ = 0; /* add the response */ - pr_response_add_err( c->argv[0], outs); + pr_response_add_err(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); @@ -2417,7 +2423,7 @@ *outsp++ = 0; /* add the response */ - pr_response_add( c->argv[0], outs); + pr_response_add(c->argv[0], "%s", outs); } while((c = find_config_next(c, c->next, CONF_PARAM, name, FALSE)) != NULL); Index: response.c =================================================================== RCS file: /cvsroot/proftp/proftpd/src/response.c,v retrieving revision 1.4 retrieving revision 1.5 diff -u -r1.4 -r1.5 --- src/response.c 3 Jun 2003 16:25:23 -0000 1.4 +++ src/response.c 5 Jul 2005 15:42:01 -0000 1.5 @@ -1,6 +1,6 @@ /* * ProFTPD - FTP server daemon - * Copyright (c) 2001, 2002, 2003 The ProFTPD Project team + * Copyright (c) 2001-2005 The ProFTPD Project team * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -23,7 +23,7 @@ */ /* Command response routines - * $Id: response.c,v 1.4 2003/06/03 16:25:23 castaglia Exp $ + * $Id: response.c,v 1.5 2005/07/05 15:42:01 castaglia Exp $ */ #include "conf.h" @@ -169,7 +169,7 @@ buf[sizeof(buf) - 1] = '\0'; sstrcat(buf, "\r\n", sizeof(buf)); - RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, buf, strlen(buf)) + RESPONSE_WRITE_STR_ASYNC(session.c->outstrm, "%s", buf) } void pr_response_send(const char *resp_numeric, const char *fmt, ...) {