Allow {$name} in e-mail

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1077 7c3ca157-0c34-0410-bff1-cbf682f78f5c

editor/include/adminer.inc.php

@@ -255,13 +255,21 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
 			$sent = 0;
 			if ($_POST["all"] || $_POST["check"]) {
 				$field = idf_escape($_POST["email_field"]);
-				$result = $dbh->query("SELECT DISTINCT $field FROM " . idf_escape($_GET["select"])
+				$subject = $_POST["email_subject"];
+				$message = $_POST["email_message"];
+				preg_match_all('~\\{\\$([a-z0-9_]+)\\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
+				$result = $dbh->query("SELECT DISTINCT $field, " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) . " FROM " . idf_escape($_GET["select"])
 					. " WHERE $field IS NOT NULL AND $field != ''"
 					. ($where ? " AND " . implode(" AND ", $where) : "")
 					. ($_POST["all"] ? "" : " AND ((" . implode(") OR (", array_map('where_check', (array) $_POST["check"])) . "))")
 				);
-				while ($row = $result->fetch_row()) {
-					if (is_email($row[0]) && mail($row[0], email_header($_POST["email_subject"]), $_POST["email_message"],
+				while ($row = $result->fetch_assoc()) {
+					$replace = array();
+					foreach ($matches[1] as $val) {
+						$replace['{$' . "$val}"] = $row[$val]; //! substitute foreign keys
+					}
+					$email = $row[$_POST["email_field"]];
+					if (is_email($email) && mail($email, email_header(strtr($subject, $replace)), strtr($message, $replace),
 						"MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\nContent-Transfer-Encoding: 8bit"
 						. (is_email($_POST["email_from"]) ? "\nFrom: $_POST[email_from]" : "") //! should allow address with a name but simple application of email_header() adds the default server domain
 					)) {