From c9dcb83132da6df4e601f5991727b010a08766d6 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 23 Jul 2012 10:40:48 +0200
Subject: Fixed PHP warning, added check for allowed characters in variable
 name

---
 plugins/managesieve/managesieve.php | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'plugins/managesieve/managesieve.php')

diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index b3be9c72c..70b280d4b 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -854,17 +854,22 @@ class managesieve extends rcube_plugin
                     break;
 
                 case 'set':
+                    $this->form['actions'][$i]['name'] = $varnames[$idx];
+                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
+                    foreach ((array)$varmods[$idx] as $v_m) {
+                        $this->form['actions'][$i][$v_m] = true;
+                    }
+
                     if (empty($varnames[$idx])) {
                         $this->errors['actions'][$i]['name'] = $this->gettext('cannotbeempty');
                     }
-                    if (empty($varvalues[$idx])) {
-                        $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
+                    else if (!preg_match('/^[0-9a-z_]+$/i', $varnames[$idx])) {
+                        $this->errors['actions'][$i]['name'] = $this->gettext('forbiddenchars');
                     }
-                    foreach ($varmods[$idx] as $v_m) {
-                        $this->form['actions'][$i][$v_m] = true;
+
+                    if (!isset($varvalues[$idx]) || $varvalues[$idx] === '') {
+                        $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
                     }
-                    $this->form['actions'][$i]['name'] = $varnames[$idx];
-                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
                     break;
                 }
 
-- 
cgit v1.2.3