From 10a699759d4f106f29c077a6d65d3b8d212825e5 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 6 Nov 2005 19:26:45 +0000
Subject: Added localized messages to client and check form input

---
 program/steps/addressbook/edit.inc       |  6 +++++-
 program/steps/addressbook/save.inc       | 35 +++++++++++++++++++++++++++-----
 program/steps/mail/compose.inc           |  4 ++++
 program/steps/mail/sendmail.inc          | 13 +++++++++---
 program/steps/settings/edit_identity.inc |  5 +++++
 program/steps/settings/func.inc          |  3 +++
 program/steps/settings/save_identity.inc | 35 ++++++++++++++++++--------------
 7 files changed, 77 insertions(+), 24 deletions(-)

(limited to 'program/steps')

diff --git a/program/steps/addressbook/edit.inc b/program/steps/addressbook/edit.inc
index 24300bfce..feb794f4d 100644
--- a/program/steps/addressbook/edit.inc
+++ b/program/steps/addressbook/edit.inc
@@ -31,7 +31,7 @@ if (($_GET['_cid'] || $_POST['_cid']) && $_action=='edit')
              $_SESSION['user_id']);
   
   $CONTACT_RECORD = $DB->fetch_assoc();
-  
+
   if (is_array($CONTACT_RECORD))
     $OUTPUT->add_script(sprintf("%s.set_env('cid', '%s');", $JS_OBJECT_NAME, $CONTACT_RECORD['contact_id']));
   }
@@ -45,6 +45,10 @@ function rcmail_contact_editform($attrib)
   if (!$CONTACT_RECORD && $GLOBALS['_action']!='add')
     return rcube_label('contactnotfound');
 
+  // add some labels to client
+  rcube_add_label('noemailwarning');
+  rcube_add_label('nonamewarning');
+
   list($form_start, $form_end) = get_form_tags($attrib);
   unset($attrib['form']);
   
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index c80707fcf..2f54e435b 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -23,6 +23,15 @@
 $a_save_cols = array('name', 'firstname', 'surname', 'email');
 
 
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+  {
+  show_message('formincomplete', 'warning');
+  rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
+  return;
+  }
+
+
 // update an existing contact
 if ($_POST['_cid'])
   {
@@ -34,7 +43,7 @@ if ($_POST['_cid'])
     if (!isset($_POST[$fname]))
       continue;
     
-    $a_write_sql[] = sprintf("%s='%s'", $col, addslashes(strip_tags($_POST[$fname])));
+    $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
     }
 
   if (sizeof($a_write_sql))
@@ -87,7 +96,7 @@ if ($_POST['_cid'])
     {
     // show error message
     show_message('errorsaving', 'error');
-    $_action = 'show';
+    rcmail_overwrite_action('show');
     }
   }
 
@@ -95,6 +104,22 @@ if ($_POST['_cid'])
 else
   {
   $a_insert_cols = $a_insert_values = array();
+  
+  // check for existing contacts
+  $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+                            WHERE  user_id=?
+                            AND    email=?
+                            AND    del<>'1'",
+                           $_SESSION['user_id'],
+                           $_POST['_email']);
+
+  // show warning message
+  if ($DB->num_rows($sql_result))
+    {
+    show_message('contactexists', 'warning');
+    $_action = 'add';
+    return;
+    }
 
   foreach ($a_save_cols as $col)
     {
@@ -103,13 +128,13 @@ else
       continue;
     
     $a_insert_cols[] = $col;
-    $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
+    $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
     }
     
   if (sizeof($a_insert_cols))
     {
     $DB->query("INSERT INTO ".get_table_name('contacts')."
-                (user_id, changedm ".join(', ', $a_insert_cols).")
+                (user_id, changed, ".join(', ', $a_insert_cols).")
                 VALUES (?, now(), ".join(', ', $a_insert_values).")",
                 $_SESSION['user_id']);
                        
@@ -153,7 +178,7 @@ else
     {
     // show error message
     show_message('errorsaving', 'error');
-    $_action = 'add';
+    rcmail_overwrite_action('add');
     }
   }
 
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 0dc450205..d01e399e6 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -32,6 +32,10 @@ if (!is_array($_SESSION['compose']))
   $_SESSION['compose'] = array('id' => uniqid(rand()));
 
 
+// add some labels to client
+rcube_add_label('nosubject', 'norecipientwarning', 'nosubjectwarning', 'nobodywarning', 'sendingmessage');
+
+
 if ($_GET['_reply_uid'] || $_GET['_forward_uid'])
   {
   $msg_uid = $_GET['_reply_uid'] ? $_GET['_reply_uid'] : $_GET['_forward_uid'];
diff --git a/program/steps/mail/sendmail.inc b/program/steps/mail/sendmail.inc
index 48a5ccc6f..2bafaebc1 100644
--- a/program/steps/mail/sendmail.inc
+++ b/program/steps/mail/sendmail.inc
@@ -28,7 +28,7 @@ require_once('Mail/mime.php');
 
 if (!isset($_SESSION['compose']['id']))
   {
-  $_action = 'list';
+  rcmail_overwrite_action('list');
   return;
   }
 
@@ -65,6 +65,14 @@ function rcmail_get_identity($id)
 /****** check submission and compose message ********/
 
 
+if (empty($_POST['_to']) && empty($_POST['_subject']) && $_POST['_message'])
+  {
+  show_message("sendingfailed", 'error'); 
+  rcmail_overwrite_action('compose');
+  return;
+  }
+
+
 $mailto_regexp = array('/,\s*[\r\n]+/', '/[\r\n]+/', '/,\s*$/m');
 $mailto_replace = array(' ', ', ', '');
 
@@ -206,9 +214,8 @@ else
 // return to compose page if sending failed
 if (!$sent)
   {
-  $_action = 'compose';
-  $OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));
   show_message("sendingfailed", 'error'); 
+  rcmail_overwrite_action('compose');
   return;
   }
 
diff --git a/program/steps/settings/edit_identity.inc b/program/steps/settings/edit_identity.inc
index dc2f14990..6649c209a 100644
--- a/program/steps/settings/edit_identity.inc
+++ b/program/steps/settings/edit_identity.inc
@@ -48,6 +48,11 @@ function rcube_identity_form($attrib)
   if (!$IDENTITY_RECORD && $GLOBALS['_action']!='add-identity')
     return rcube_label('notfound');
 
+  // add some labels to client
+  rcube_add_label('noemailwarning');
+  rcube_add_label('nonamewarning');
+
+
   list($form_start, $form_end) = get_form_tags($attrib, 'save-identity', array('name' => '_iid', 'value' => $IDENTITY_RECORD['identity_id']));
   unset($attrib['form']);
 
diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index 9b7ef002b..01b692395 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -34,6 +34,9 @@ function rcmail_user_prefs_form($attrib)
   {
   global $DB, $CONFIG, $sess_user_lang;
 
+  // add some labels to client
+  rcube_add_label('nopagesizewarning');
+  
   list($form_start, $form_end) = get_form_tags($attrib, 'save-prefs');
   unset($attrib['form']);
 
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index ea186ec12..2e42987bf 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -22,6 +22,15 @@
 $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'default');
 
 
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+  {
+  show_message('formincomplete', 'warning');
+  rcmail_overwrite_action('edit-identitiy');
+  return;
+  }
+
+
 // update an existing contact
 if ($_POST['_iid'])
   {
@@ -33,7 +42,7 @@ if ($_POST['_iid'])
     if (!isset($_POST[$fname]))
       continue;
 
-    $a_write_sql[] = sprintf("`%s`='%s'", $col, addslashes(strip_tags($_POST[$fname])));
+    $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
     }
 
   if (sizeof($a_write_sql))
@@ -56,11 +65,11 @@ if ($_POST['_iid'])
     // mark all other identities as 'not-default'
     $DB->query("UPDATE ".get_table_name('identities')."
                 SET ".$DB->quoteIdentifier('default')."='0'
-                WHERE  identity_id!=?
-                AND    user_id=?
+                WHERE  user_id=?
+                AND    identity_id<>?
                 AND    del<>'1'",
-                $_POST['_iid'],
-                $_SESSION['user_id']);
+                $_SESSION['user_id'],
+                $_POST['_iid']);
     
     if ($_POST['_framed'])
       {
@@ -71,7 +80,8 @@ if ($_POST['_iid'])
   else
     {
     // show error message
-
+    show_message('errorsaving', 'error');
+    rcmail_overwrite_action('edit-identitiy');
     }
   }
 
@@ -87,7 +97,7 @@ else
       continue;
     
     $a_insert_cols[] = $DB->quoteIdentifier($col);
-    $a_insert_values[] = sprintf("'%s'", addslashes(strip_tags($_POST[$fname])));
+    $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
     }
     
   if (sizeof($a_insert_cols))
@@ -113,18 +123,13 @@ else
   else
     {
     // show error message
+    show_message('errorsaving', 'error');
+    rcmail_overwrite_action('edit-identitiy');
     }
   }
 
 
 // go to next step
-if ($_POST['_framed'])
-  $_action = 'edit-identitiy';
-else
-  $_action = 'identities';
-  
-
-// overwrite action variable  
-$OUTPUT->add_script(sprintf("\n%s.set_env('action', '%s');", $JS_OBJECT_NAME, $_action));  
+rcmail_overwrite_action($_POST['_framed'] ? 'edit-identitiy' : 'identities');
 
 ?>
\ No newline at end of file
-- 
cgit v1.2.3