summaryrefslogtreecommitdiff
path: root/program
diff options
context:
space:
mode:
Diffstat (limited to 'program')
-rw-r--r--program/js/common.js3
-rw-r--r--program/steps/addressbook/save.inc27
-rw-r--r--program/steps/mail/addcontact.inc14
3 files changed, 29 insertions, 15 deletions
diff --git a/program/js/common.js b/program/js/common.js
index 3a8739ba2..76ddd7269 100644
--- a/program/js/common.js
+++ b/program/js/common.js
@@ -491,12 +491,11 @@ function rcube_check_email(input, inline)
quoted_string = '\\x22('+qtext+'|'+quoted_pair+')*\\x22',
// Use simplified domain matching, because we need to allow Unicode characters here
// So, e-mail address should be validated also on server side after idn_to_ascii() use
- sub_domain = '[^@]+',
//domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d',
//sub_domain = '('+atom+'|'+domain_literal+')',
+ domain = '([^@\\x2e]+\\x2e)+[a-z]{2,}',
word = '('+atom+'|'+quoted_string+')',
delim = '[,;\s\n]',
- domain = sub_domain+'(\\x2e'+sub_domain+')*',
local_part = word+'(\\x2e'+word+')*',
addr_spec = local_part+'\\x40'+domain,
reg1 = inline ? new RegExp('(^|<|'+delim+')'+addr_spec+'($|>|'+delim+')', 'i') : new RegExp('^'+addr_spec+'$', 'i');
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index f0244b4a9..f074f18a4 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -20,19 +20,17 @@
*/
$cid = get_input_value('_cid', RCUBE_INPUT_POST);
-$return_action = empty($cid) ? 'add' : 'show';
+$return_action = empty($cid) ? 'add' : 'edit';
// cannot edit record
-if ($CONTACTS->readonly)
-{
+if ($CONTACTS->readonly) {
$OUTPUT->show_message('contactreadonly', 'error');
rcmail_overwrite_action($return_action);
return;
}
-// check input
-if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST)))
-{
+// Basic input checks
+if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST))) {
$OUTPUT->show_message('formincomplete', 'warning');
rcmail_overwrite_action($return_action);
return;
@@ -44,20 +42,27 @@ $a_save_cols = array('name', 'firstname', 'surname', 'email');
$a_record = array();
// read POST values into hash array
-foreach ($a_save_cols as $col)
-{
+foreach ($a_save_cols as $col) {
$fname = '_'.$col;
if (isset($_POST[$fname]))
$a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
}
+// Validity checks
+$_email = idn_to_ascii($a_record['email']);
+if (!check_email($_email, false)) {
+ $OUTPUT->show_message('emailformaterror', 'warning', array('email' => $_email));
+ rcmail_overwrite_action($return_action);
+ return;
+}
+
// update an existing contact
if (!empty($cid))
{
$plugin = $RCMAIL->plugins->exec_hook('contact_update',
array('id' => $cid, 'record' => $a_record, 'source' => get_input_value('_source', RCUBE_INPUT_GPC)));
$a_record = $plugin['record'];
-
+
if (!$plugin['abort'])
$result = $CONTACTS->update($cid, $a_record);
else
@@ -70,7 +75,7 @@ if (!empty($cid))
// change cid in POST for 'show' action
$_POST['_cid'] = $newcid;
}
-
+
// define list of cols to be displayed
$a_js_cols = array();
$record = $CONTACTS->get_record($newcid ? $newcid : $cid, true);
@@ -80,7 +85,7 @@ if (!empty($cid))
// update the changed col in list
$OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);
-
+
// show confirmation
$OUTPUT->show_message('successfullysaved', 'confirmation', null, false);
rcmail_overwrite_action('show');
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index d46db8ece..613a63e39 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,23 @@ $CONTACTS = $RCMAIL->get_address_book(null, true);
if (!empty($_POST['_address']) && is_object($CONTACTS))
{
$contact_arr = $IMAP->decode_address_list(get_input_value('_address', RCUBE_INPUT_POST, true), 1, false);
-
+
if (!empty($contact_arr[1]['mailto'])) {
$contact = array(
'email' => $contact_arr[1]['mailto'],
'name' => $contact_arr[1]['name']
);
+ // Validity checks
+ if (empty($contact['email'])) {
+ $OUTPUT->show_message('errorsavingcontact', 'error');
+ $OUTPUT->send();
+ }
+ else if (!check_email($contact['email'], false)) {
+ $OUTPUT->show_message('emailformaterror', 'error', array('email' => $contact['email']));
+ $OUTPUT->send();
+ }
+
$contact['email'] = idn_to_utf8($contact['email']);
// use email address part for name
@@ -60,7 +70,7 @@ if (!empty($_POST['_address']) && is_object($CONTACTS))
}
if (!$done)
- $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'warning');
+ $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'error');
$OUTPUT->send();