Fixed PHP warning, added check for allowed characters in variable name

1 files changed, 11 insertions, 6 deletions

diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index b3be9c72c..70b280d4b 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -854,17 +854,22 @@ class managesieve extends rcube_plugin
                     break;
 
                 case 'set':
+                    $this->form['actions'][$i]['name'] = $varnames[$idx];
+                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
+                    foreach ((array)$varmods[$idx] as $v_m) {
+                        $this->form['actions'][$i][$v_m] = true;
+                    }
+
                     if (empty($varnames[$idx])) {
                         $this->errors['actions'][$i]['name'] = $this->gettext('cannotbeempty');
                     }
-                    if (empty($varvalues[$idx])) {
-                        $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
+                    else if (!preg_match('/^[0-9a-z_]+$/i', $varnames[$idx])) {
+                        $this->errors['actions'][$i]['name'] = $this->gettext('forbiddenchars');
                     }
-                    foreach ($varmods[$idx] as $v_m) {
-                        $this->form['actions'][$i][$v_m] = true;
+
+                    if (!isset($varvalues[$idx]) || $varvalues[$idx] === '') {
+                        $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
                     }
-                    $this->form['actions'][$i]['name'] = $varnames[$idx];
-                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
                     break;
                 }