Description: SECURITY: fix SQL injection in show_gen_status()
 This vulnerability is only exploitable by authenticated users
 able to create new aliases. If the alias contains SQL code, the 
 list-virtual.php overview triggers the vulnerability.
Origin: backport, http://sourceforge.net/p/postfixadmin/code/1650
Applied-Upstream: 2.3.7
--- a/functions.inc.php
+++ b/functions.inc.php
@@ -2175,6 +2175,8 @@
     global $CONF, $table_alias;
     $stat_string = "";
 
+    $show_alias = escape_string($show_alias);
+
     $stat_goto = "";
     $stat_result = db_query ("SELECT goto FROM $table_alias WHERE address='$show_alias'");
     if ($stat_result['rows'] > 0)
