summaryrefslogtreecommitdiff
path: root/program/steps/addressbook
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2011-05-27 13:01:05 +0000
committeralecpl <alec@alec.pl>2011-05-27 13:01:05 +0000
commit516467080bd822cb94a4a9ef58a168dcdaf7535b (patch)
tree79dbd8e0463985fba5af3de12130b6aa4ccf97fc /program/steps/addressbook
parentd7344819834e469c2e5875f756f1ad973b2e06d9 (diff)
- Fix handling of "<" character in contact data, search fields and folder names, identity name and organization fields (#1487864)
Diffstat (limited to 'program/steps/addressbook')
-rw-r--r--program/steps/addressbook/save.inc9
-rw-r--r--program/steps/addressbook/search.inc2
2 files changed, 5 insertions, 6 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 253609780..0092eb103 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -95,7 +95,6 @@ if ($RCMAIL->action == 'upload-photo') {
$OUTPUT->send('iframe');
}
-
// read POST values into hash array
$a_record = array();
foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
@@ -106,7 +105,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
if ($colprop['childs']) {
$values = array();
foreach ($colprop['childs'] as $childcol => $cp) {
- $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST);
+ $vals = get_input_value('_'.$childcol, RCUBE_INPUT_POST, true);
foreach ((array)$vals as $i => $val)
$values[$i][$childcol] = $val;
}
@@ -117,7 +116,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
}
// assign values and subtypes
else if (is_array($_POST[$fname])) {
- $values = get_input_value($fname, RCUBE_INPUT_POST);
+ $values = get_input_value($fname, RCUBE_INPUT_POST, true);
$subtypes = get_input_value('_subtype_' . $col, RCUBE_INPUT_POST);
foreach ($values as $i => $val) {
$subtype = $subtypes[$i] ? ':'.$subtypes[$i] : '';
@@ -125,7 +124,7 @@ foreach ($GLOBALS['CONTACT_COLTYPES'] as $col => $colprop) {
}
}
else if (isset($_POST[$fname])) {
- $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
+ $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST, true);
}
}
@@ -190,7 +189,7 @@ if (!empty($cid))
$record['name'] = $record['email'];
foreach (array('name', 'email') as $col)
- $a_js_cols[] = (string)$record[$col];
+ $a_js_cols[] = Q((string)$record[$col]);
// update the changed col in list
$OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);
diff --git a/program/steps/addressbook/search.inc b/program/steps/addressbook/search.inc
index 7d6775507..8d25a8fbc 100644
--- a/program/steps/addressbook/search.inc
+++ b/program/steps/addressbook/search.inc
@@ -22,7 +22,7 @@
$CONTACTS->set_page(1);
$_SESSION['page'] = 1;
-$search = trim(get_input_value('_q', RCUBE_INPUT_GET));
+$search = trim(get_input_value('_q', RCUBE_INPUT_GET, true));
$search_request = md5('addr'.$search);
// get contacts for this user