authorthomascube <thomas@roundcube.net>2005-11-06 19:26:45 +0000
committerthomascube <thomas@roundcube.net>2005-11-06 19:26:45 +0000
commit10a699759d4f106f29c077a6d65d3b8d212825e5 (patch)
treed7a50bb94731e131a8a03c546ad3dbcaf0c4f1e1 /program/steps/addressbook/save.inc
parente0ddd4e6c03d533cc3f8427624e026cc20c88fa6 (diff)
Added localized messages to client and check form input
Diffstat (limited to 'program/steps/addressbook/save.inc')
-rw-r--r--program/steps/addressbook/save.inc35
1 files changed, 30 insertions, 5 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index c80707fcf..2f54e435b 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -23,6 +23,15 @@
$a_save_cols = array('name', 'firstname', 'surname', 'email');
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+ {
+ show_message('formincomplete', 'warning');
+ rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
+ return;
+ }
+
+
// update an existing contact
if ($_POST['_cid'])
{
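Review bot: `$_POST['_cid']` is read without a guard on the added line `rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');`, so the add path, where no `_cid` field is posted, can raise an undefined-index notice; `rcmail_overwrite_action(!empty($_POST['_cid']) ? 'show' : 'add');` avoids it and matches the `empty()` style used two lines above. The new check also tests presence only: a `_email` value of any shape passes and is later stored after `strip_tags`, so a format check on the address belongs alongside the presence test. The `if ($_POST['_cid'])` branch that follows continues outside the hunk.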
@@ -34,7 +43,7 @@ if ($_POST['_cid'])
if (!isset($_POST[$fname]))
continue;
- $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));
+ $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
}
if (sizeof($a_write_sql))
@@ -87,7 +96,7 @@ if ($_POST['_cid'])
{
// show error message
show_message('errorsaving', 'error');
- $_action = 'show';
+ rcmail_overwrite_action('show');
}
}
@@ -95,6 +104,22 @@ if ($_POST['_cid'])
else
{
$a_insert_cols = $a_insert_values = array();
+
+ // check for existing contacts
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],
+ $_POST['_email']);
+
+ // show warning message
+ if ($DB->num_rows($sql_result))
+ {
+ show_message('contactexists', 'warning');
+ $_action = 'add';
+ return;
+ }
foreach ($a_save_cols as $col)
{
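Review bot: The early return in the duplicate check sets `$_action = 'add';` directly, while the rest of this commit replaces that pattern with `rcmail_overwrite_action(...)` in both error branches; for consistency the line should read `rcmail_overwrite_action('add');`. The lookup also compares the raw `$_POST['_email']`, whereas the insert below stores `strip_tags($_POST[$fname])`, so a value that differs only by markup is not detected as a duplicate; passing the same stripped value to the query keeps the check and the stored row in step. Whether the `email=?` comparison is case-sensitive presumably depends on the column collation, which is worth confirming if the intent is one contact per address. The enclosing `else` block continues past the hunk.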
@@ -103,13 +128,13 @@ else
continue;
$a_insert_cols[] = $col;
- $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
+ $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
}
if (sizeof($a_insert_cols))
{
$DB->query("INSERT INTO ".get_table_name('contacts')."
- (user_id, changedm ".join(', ', $a_insert_cols).")
+ (user_id, changed, ".join(', ', $a_insert_cols).")
VALUES (?, now(), ".join(', ', $a_insert_values).")",
$_SESSION['user_id']);
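Review bot: The column list on the `INSERT` line is joined from raw names, `(user_id, changed, ".join(', ', $a_insert_cols).")`, whereas the update path in the same commit wraps each column in `$DB->quoteIdentifier($col)`; building the list as `$a_insert_cols[] = $DB->quoteIdentifier($col);` keeps both statements consistent and leaves identifier quoting to the database layer. The names come from the fixed `$a_save_cols` list, so this is a consistency point rather than an injection risk. The `if (sizeof($a_insert_cols))` block continues outside the hunk.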
@@ -153,7 +178,7 @@ else
{
// show error message
show_message('errorsaving', 'error');
- $_action = 'add';
+ rcmail_overwrite_action('add');
}
}