diff options
| -rw-r--r-- | program/steps/addressbook/copy.inc | 2 | ||||
| -rw-r--r-- | program/steps/addressbook/delete.inc | 8 | ||||
| -rw-r--r-- | program/steps/addressbook/mailto.inc | 2 |
3 files changed, 5 insertions, 7 deletions
diff --git a/program/steps/addressbook/copy.inc b/program/steps/addressbook/copy.inc index 80dee49c3..525f9278a 100644 --- a/program/steps/addressbook/copy.inc +++ b/program/steps/addressbook/copy.inc @@ -27,7 +27,7 @@ $cid = get_input_value('_cid', RCUBE_INPUT_POST); $target = get_input_value('_to', RCUBE_INPUT_POST); $target_group = get_input_value('_togid', RCUBE_INPUT_POST); -if ($cid && preg_match('/^[a-z0-9\-_=]+(,[a-z0-9\-_=]+)*$/i', $cid) && strlen($target) && $target !== $source) +if ($cid && preg_match('/^[a-zA-Z0-9\+\/=_-]+(,[a-zA-Z0-9\+\/=_-]+)*$/', $cid) && strlen($target) && $target !== $source) { $success = 0; $TARGET = $RCMAIL->get_address_book($target); diff --git a/program/steps/addressbook/delete.inc b/program/steps/addressbook/delete.inc index 1611ae1a1..da83757a8 100644 --- a/program/steps/addressbook/delete.inc +++ b/program/steps/addressbook/delete.inc @@ -21,12 +21,10 @@ if ($OUTPUT->ajax_call && ($cid = get_input_value('_cid', RCUBE_INPUT_POST)) && - (preg_match('/^[0-9]+(,[0-9]+)*$/', $cid) || - preg_match('/^[a-zA-Z0-9=]+(,[a-zA-Z0-9=]+)*$/', $cid)) - ) - { + preg_match('/^[a-zA-Z0-9\+\/=_-]+(,[a-zA-Z0-9\+\/=_-]+)*$/', $cid) +) { $plugin = $RCMAIL->plugins->exec_hook('delete_contact', array('id' => $cid, 'source' => get_input_value('_source', RCUBE_INPUT_GPC))); - + $deleted = !$plugin['abort'] ? $CONTACTS->delete($cid) : false; if (!$deleted) { diff --git a/program/steps/addressbook/mailto.inc b/program/steps/addressbook/mailto.inc index 6813958f2..002c4e801 100644 --- a/program/steps/addressbook/mailto.inc +++ b/program/steps/addressbook/mailto.inc @@ -23,7 +23,7 @@ $cid = get_input_value('_cid', RCUBE_INPUT_GET); $recipients = null; $mailto = array(); -if ($cid && preg_match('/^[a-z0-9\-\+\/_=]+(,[a-z0-9\-\+\/_=]+)*$/i', $cid) && $CONTACTS->ready) +if ($cid && preg_match('/^[a-z0-9\+\/=_-]+(,[a-z0-9\+\/=_-]+)*$/i', $cid) && $CONTACTS->ready) { $CONTACTS->set_page(1); $CONTACTS->set_pagesize(100); |