Diffstat (limited to 'program/steps')
-rw-r--r-- | program/steps/addressbook/edit.inc | 6 | ||||
-rw-r--r-- | program/steps/addressbook/save.inc | 35 | ||||
-rw-r--r-- | program/steps/mail/compose.inc | 4 | ||||
-rw-r--r-- | program/steps/mail/sendmail.inc | 13 | ||||
-rw-r--r-- | program/steps/settings/edit_identity.inc | 5 | ||||
-rw-r--r-- | program/steps/settings/func.inc | 3 | ||||
-rw-r--r-- | program/steps/settings/save_identity.inc | 35 |
7 files changed, 77 insertions, 24 deletions
diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 24300bfce..feb794f4d 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -31,7 +31,7 @@ if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
 $_SESSION['user_id']);
 $CONTACT_RECORD = $DB->fetch_assoc();
-
+
 if (is_array($CONTACT_RECORD))
 $OUTPUT->add_script(sprintf("%s.set_env('cid', '%s');", $JS_OBJECT_NAME, $CONTACT_RECORD['contact_id']));
 }
@@ -45,6 +45,10 @@ function rcmail_contact_editform($attrib)
 if (!$CONTACT_RECORD && $GLOBALS['_action']!='add')
 return rcube_label('contactnotfound');
+ // add some labels to client
+ rcube_add_label('noemailwarning');
+ rcube_add_label('nonamewarning');
+
 list($form_start, $form_end) = get_form_tags($attrib);
 unset($attrib['form']);
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index c80707fcf..2f54e435b 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -23,6 +23,15 @@ $a_save_cols = array('name', 'firstname', 'surname', 'email');
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+ {
+ show_message('formincomplete', 'warning');
+ rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
+ return;
+ }
+
+
 // update an existing contact
 if ($_POST['_cid'])
 {
@@ -34,7 +43,7 @@ if ($_POST['_cid'])
 if (!isset($_POST[$fname]))
 continue;
- $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));
+ $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
 }
 if (sizeof($a_write_sql))
@@ -87,7 +96,7 @@ if ($_POST['_cid'])
 {
 // show error message
 show_message('errorsaving', 'error');
- $_action = 'show';
+ rcmail_overwrite_action('show');
 }
 }
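Review bot: In the new "check input" block of save.inc (the @@ -23,6 hunk), completeness is tested on the raw `$_POST['_name']` and `$_POST['_email']`, while the value written further down in the same file is `strip_tags($_POST[$fname])`; a submission whose name or email consists only of markup passes the check and is stored as an empty string. Checking the same normalised value closes that gap, e.g. `if (trim(strip_tags($_POST['_name'])) == '' || trim(strip_tags($_POST['_email'])) == '')`. Note also that `empty()` rejects the literal string `'0'`, which may or may not be intended for a contact name. The save logic that consumes these values continues outside the hunk.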
@@ -95,6 +104,22 @@ if ($_POST['_cid'])
 else
 {
 $a_insert_cols = $a_insert_values = array();
+
+ // check for existing contacts
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],
+ $_POST['_email']);
+
+ // show warning message
+ if ($DB->num_rows($sql_result))
+ {
+ show_message('contactexists', 'warning');
+ $_action = 'add';
+ return;
+ }
 foreach ($a_save_cols as $col)
 {
@@ -103,13 +128,13 @@ else
 continue;
 $a_insert_cols[] = $col;
- $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
+ $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
 }
 if (sizeof($a_insert_cols))
 {
 $DB->query("INSERT INTO ".get_table_name('contacts')."
- (user_id, changedm ".join(', ', $a_insert_cols).")
+ (user_id, changed, ".join(', ', $a_insert_cols).")
 VALUES (?, now(), ".join(', ', $a_insert_values).")",
 $_SESSION['user_id']);
@@ -153,7 +178,7 @@ else
 {
 // show error message
 show_message('errorsaving', 'error');
- $_action = 'add';
+ rcmail_overwrite_action('add');
 }
 }
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 0dc450205..d01e399e6 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -32,6 +32,10 @@ if (!is_array($_SESSION['compose']))
 $_SESSION['compose'] = array('id' => uniqid(rand()));
+// add some labels to client
+rcube_add_label('nosubject', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'sendingmessage');
+
+
 if ($_GET['_reply_uid'] || $_GET['_forward_uid'])
 {
 $msg_uid = $_GET['_reply_uid'] ? $_GET['_reply_uid'] : $_GET['_forward_uid'];
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 48a5ccc6f..2bafaebc1 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
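Review bot: The duplicate-contact branch added in save.inc's @@ -95,6 hunk sets `$_action = 'add';` directly, while every other path this commit touches (including the @@ -153,7 hunk of the same file) switches to `rcmail_overwrite_action(...)`. The lines removed in sendmail.inc's @@ -206,9 hunk show that a bare `$_action` assignment used to be paired with a `set_env('action', ...)` script, so this one likely leaves the client's action env stale after the warning; replace it with `rcmail_overwrite_action('add');`. Separately, the existence check compares `email=?` against the raw `$_POST['_email']` while the stored value is `strip_tags(...)`'d, so the two can differ for markup-containing input and the duplicate check can miss; normalising the same way before the query keeps them aligned.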
@@ -28,7 +28,7 @@ require_once('Mail/mime.php');
 if (!isset($_SESSION['compose']['id']))
 {
- $_action = 'list';
+ rcmail_overwrite_action('list');
 return;
 }
@@ -65,6 +65,14 @@ function rcmail_get_identity($id)
 /****** check submission and compose message ********/
+if (empty($_POST['_to']) && empty($_POST['_subject']) && $_POST['_message'])
+ {
+ show_message("sendingfailed", 'error');
+ rcmail_overwrite_action('compose');
+ return;
+ }
+
+
 $mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
 $mailto_replace = array(' ', ', ', '');
@@ -206,9 +214,8 @@ else
 // return to compose page if sending failed
 if (!$sent)
 {
- $_action = 'compose';
- $OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
 show_message("sendingfailed", 'error');
+ rcmail_overwrite_action('compose');
 return;
 }
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index dc2f14990..6649c209a 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -48,6 +48,11 @@ function rcube_identity_form($attrib)
 if (!$IDENTITY_RECORD && $GLOBALS['_action']!='add-identity')
 return rcube_label('notfound');
+ // add some labels to client
+ rcube_add_label('noemailwarning');
+ rcube_add_label('nonamewarning');
+
+
 list($form_start, $form_end) = get_form_tags($attrib, 'save-identity', array('name' => '_iid', 'value' => $IDENTITY_RECORD['identity_id']));
 unset($attrib['form']);
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 9b7ef002b..01b692395 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -34,6 +34,9 @@ function rcmail_user_prefs_form($attrib)
 {
 global $DB, $CONFIG, $sess_user_lang;
+ // add some labels to client
+ rcube_add_label('nopagesizewarning');
+
 list($form_start, $form_end) = get_form_tags($attrib, 'save-prefs');
 unset($attrib['form']);
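Review bot: The new server-side guard in sendmail.inc's @@ -65,6 hunk, `if (empty($_POST['_to']) && empty($_POST['_subject']) && $_POST['_message'])`, only rejects a request when recipient and subject are both missing and a body is present; a POST with no `_to` but a non-empty `_subject` still reaches the send path below. If the purpose is to enforce on the server what the client-side 'norecipientwarning' label asks for, the recipient check should stand on its own, e.g. `if (empty($_POST['_to']))`, with the subject/body confirmations left to the client as the added labels suggest. The intended semantics are not stated in the hunk, so a one-line comment above the guard would help either way. The send path that consumes `$_POST['_to']` continues outside the hunk.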
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index ea186ec12..2e42987bf 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -22,6 +22,15 @@ $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'default');
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+ {
+ show_message('formincomplete', 'warning');
+ rcmail_overwrite_action('edit-identitiy');
+ return;
+ }
+
+
 // update an existing contact
 if ($_POST['_iid'])
 {
@@ -33,7 +42,7 @@ if ($_POST['_iid'])
 if (!isset($_POST[$fname]))
 continue;
- $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname])));
+ $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
 }
 if (sizeof($a_write_sql))
@@ -56,11 +65,11 @@ if ($_POST['_iid'])
 // mark all other identities as 'not-default'
 $DB->query("UPDATE ".get_table_name('identities')."
 SET ".$DB->quoteIdentifier('default')."='0'
- WHERE identity_id!=?
- AND user_id=?
+ WHERE user_id=?
+ AND identity_id<>?
 AND del<>'1'",
- $_POST['_iid'],
- $_SESSION['user_id']);
+ $_SESSION['user_id'],
+ $_POST['_iid']);
 if ($_POST['_framed'])
 {
@@ -71,7 +80,8 @@ if ($_POST['_iid'])
 else
 {
 // show error message
-
+ show_message('errorsaving', 'error');
+ rcmail_overwrite_action('edit-identitiy');
 }
 }
@@ -87,7 +97,7 @@ else
 continue;
 $a_insert_cols[] = $DB->quoteIdentifier($col);
- $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
+ $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
 }
 if (sizeof($a_insert_cols))
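Review bot: The update-failure branch in save_identity.inc's @@ -71,7 hunk calls `rcmail_overwrite_action('edit-identitiy')` but does not return, so execution continues to the unconditional `rcmail_overwrite_action($_POST['_framed'] ? 'edit-identitiy' : 'identities');` added at the end of the file in the @@ -113,18 hunk, which replaces the action with 'identities' for non-framed requests; the insert-failure branch in that later hunk has the same shape. If the intent is to keep the user on the edit form after a failed save, add `return;` after the overwrite call in both error branches, or make the final call conditional on success. rcmail_overwrite_action's definition is not in this diff, so this assumes it does not itself terminate the request.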
@@ -113,18 +123,13 @@ else
 else
 {
 // show error message
+ show_message('errorsaving', 'error');
+ rcmail_overwrite_action('edit-identitiy');
 }
 }
 // go to next step
-if ($_POST['_framed'])
- $_action = 'edit-identitiy';
-else
- $_action = 'identities';
-
-
-// overwrite action variable
-$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
+rcmail_overwrite_action($_POST['_framed'] ? 'edit-identitiy' : 'identities');
 ?>
\ No newline at end of file |