Diffstat (limited to 'program')
-rw-r--r-- | program/js/common.js | 3 | ||||
-rw-r--r-- | program/steps/addressbook/save.inc | 27 | ||||
-rw-r--r-- | program/steps/mail/addcontact.inc | 14 |
3 files changed, 29 insertions, 15 deletions
diff --git a/program/js/common.js b/program/js/common.js index 3a8739ba2..76ddd7269 100644 --- a/program/js/common.js +++ b/program/js/common.js @@ -491,12 +491,11 @@ function rcube_check_email(input, inline) quoted_string = '\\x22('+qtext+'|'+quoted_pair+')*\\x22', // Use simplified domain matching, because we need to allow Unicode characters here // So, e-mail address should be validated also on server side after idn_to_ascii() use - sub_domain = '[^@]+', //domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d', //sub_domain = '('+atom+'|'+domain_literal+')', + domain = '([^@\\x2e]+\\x2e)+[a-z]{2,}', word = '('+atom+'|'+quoted_string+')', delim = '[,;\s\n]', - domain = sub_domain+'(\\x2e'+sub_domain+')*', local_part = word+'(\\x2e'+word+')*', addr_spec = local_part+'\\x40'+domain, reg1 = inline ? new RegExp('(^|<|'+delim+')'+addr_spec+'($|>|'+delim+')', 'i') : new RegExp('^'+addr_spec+'$', 'i'); diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc index f0244b4a9..f074f18a4 100644 --- a/program/steps/addressbook/save.inc +++ b/program/steps/addressbook/save.inc @@ -20,19 +20,17 @@ */ $cid = get_input_value('_cid', RCUBE_INPUT_POST); -$return_action = empty($cid) ? 'add' : 'show'; +$return_action = empty($cid) ? 'add' : 'edit'; // cannot edit record -if ($CONTACTS->readonly) -{ +if ($CONTACTS->readonly) { $OUTPUT->show_message('contactreadonly', 'error'); rcmail_overwrite_action($return_action); return; } -// check input -if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST))) -{ +// Basic input checks +if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST))) { $OUTPUT->show_message('formincomplete', 'warning'); rcmail_overwrite_action($return_action); return; 
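Review bot: The new `domain` pattern ends in `[a-z]{2,}`, so the last label can never be a Unicode or punycode (`xn--…`) top-level domain, which contradicts the comment just above about allowing Unicode characters. Every other label is still `[^@\\x2e]+`, which accepts whitespace, quotes and angle brackets. The pattern is therefore stricter in one place and very loose in another, and it may disagree with the server-side `check_email()`, so it should be documented as a convenience filter rather than a validation boundary. I would add a comment above the `domain` line such as `// UI hint only: labels are unrestricted, last label is ASCII letters; the server-side check after idn_to_ascii() is authoritative`. If IDN top-level domains are meant to pass, the last label could be relaxed to `[^@\\x2e]{2,}`. The body of `rcube_check_email` starts and ends outside this hunk.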
@@ -44,20 +42,27 @@ $a_save_cols = array('name', 'firstname', 'surname', 'email'); $a_record = array(); // read POST values into hash array -foreach ($a_save_cols as $col) -{ +foreach ($a_save_cols as $col) { $fname = '_'.$col; if (isset($_POST[$fname])) $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST); } +// Validity checks +$_email = idn_to_ascii($a_record['email']); +if (!check_email($_email, false)) { + $OUTPUT->show_message('emailformaterror', 'warning', array('email' => $_email)); + rcmail_overwrite_action($return_action); + return; +} + // update an existing contact if (!empty($cid)) { $plugin = $RCMAIL->plugins->exec_hook('contact_update', array('id' => $cid, 'record' => $a_record, 'source' => get_input_value('_source', RCUBE_INPUT_GPC))); $a_record = $plugin['record']; - + if (!$plugin['abort']) $result = $CONTACTS->update($cid, $a_record); else @@ -70,7 +75,7 @@ if (!empty($cid)) // change cid in POST for 'show' action $_POST['_cid'] = $newcid; } - + // define list of cols to be displayed $a_js_cols = array(); $record = $CONTACTS->get_record($newcid ? $newcid : $cid, true); @@ -80,7 +85,7 @@ if (!empty($cid)) // update the changed col in list $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid); - + // show confirmation $OUTPUT->show_message('successfullysaved', 'confirmation', null, false); rcmail_overwrite_action('show'); diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc index d46db8ece..613a63e39 100644 --- a/program/steps/mail/addcontact.inc +++ b/program/steps/mail/addcontact.inc 
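Review bot: The new check validates `$_email` before the `contact_update` hook runs, but the hook result is then assigned back with `$a_record = $plugin['record'];` and passed to `$CONTACTS->update()` without being checked again. A plugin that rewrites the `email` column can therefore store an address that never went through `check_email()`. The create branch lies outside this hunk and presumably has the same shape. I would repeat the check on the post-hook record, e.g. `if (!$plugin['abort'] && !check_email(idn_to_ascii($a_record['email']), false)) { /* show 'emailformaterror' and return */ }`, or move it into the address-book backend. The rejected value is also substituted into the `emailformaterror` message, so it is worth confirming that `show_message()` escapes its substitution values and that a failed `idn_to_ascii()` conversion is treated as invalid rather than passed on.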
@@ -29,13 +29,23 @@ $CONTACTS = $RCMAIL->get_address_book(null, true); if (!empty($_POST['_address']) && is_object($CONTACTS)) { $contact_arr = $IMAP->decode_address_list(get_input_value('_address', RCUBE_INPUT_POST, true), 1, false); - + if (!empty($contact_arr[1]['mailto'])) { $contact = array( 'email' => $contact_arr[1]['mailto'], 'name' => $contact_arr[1]['name'] ); + // Validity checks + if (empty($contact['email'])) { + $OUTPUT->show_message('errorsavingcontact', 'error'); + $OUTPUT->send(); + } + else if (!check_email($contact['email'], false)) { + $OUTPUT->show_message('emailformaterror', 'error', array('email' => $contact['email'])); + $OUTPUT->send(); + } + $contact['email'] = idn_to_utf8($contact['email']); // use email address part for name @@ -60,7 +70,7 @@ if (!empty($_POST['_address']) && is_object($CONTACTS)) } if (!$done) - $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'warning'); + $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'error'); $OUTPUT->send(); |
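Review bot: Both new validity branches rely on `$OUTPUT->send()` ending the request; if it ever returns, execution falls through to `idn_to_utf8()` and the save path with the rejected address. That assumption should be written down with a comment such as `// send() terminates the request; nothing below runs for a rejected address`, or made explicit with an `exit;` after each call. The `empty($contact['email'])` branch also looks unreachable, because the enclosing `if (!empty($contact_arr[1]['mailto']))` already guarantees a non-empty value, so it can be dropped. Finally, `save.inc` validates `idn_to_ascii($a_record['email'])` while this file validates the raw address, so the same input may be accepted on one path and rejected on the other. Using `check_email(idn_to_ascii($contact['email']), false)` here would keep the two entry points consistent.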