From 6f096812c9fd460fddd21ff1cef55542cb79a890 Mon Sep 17 00:00:00 2001
From: alecpl <alec@alec.pl>
Date: Tue, 2 Nov 2010 09:27:03 +0000
Subject: - Support contact's email addresses up to 255 characters long
 (#1487095) - Added email format checks when saving contacts data

---
 program/js/common.js               |  3 +--
 program/steps/addressbook/save.inc | 27 ++++++++++++++++-----------
 program/steps/mail/addcontact.inc  | 14 ++++++++++++--
 3 files changed, 29 insertions(+), 15 deletions(-)

(limited to 'program')

diff --git a/program/js/common.js b/program/js/common.js
index 3a8739ba2..76ddd7269 100644
--- a/program/js/common.js
+++ b/program/js/common.js
@@ -491,12 +491,11 @@ function rcube_check_email(input, inline)
       quoted_string = '\\x22('+qtext+'|'+quoted_pair+')*\\x22',
       // Use simplified domain matching, because we need to allow Unicode characters here
       // So, e-mail address should be validated also on server side after idn_to_ascii() use
-      sub_domain = '[^@]+',
       //domain_literal = '\\x5b('+dtext+'|'+quoted_pair+')*\\x5d',
       //sub_domain = '('+atom+'|'+domain_literal+')',
+      domain = '([^@\\x2e]+\\x2e)+[a-z]{2,}',
       word = '('+atom+'|'+quoted_string+')',
       delim = '[,;\s\n]',
-      domain = sub_domain+'(\\x2e'+sub_domain+')*',
       local_part = word+'(\\x2e'+word+')*',
       addr_spec = local_part+'\\x40'+domain,
       reg1 = inline ? new RegExp('(^|<|'+delim+')'+addr_spec+'($|>|'+delim+')', 'i') : new RegExp('^'+addr_spec+'$', 'i');
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index f0244b4a9..f074f18a4 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -20,19 +20,17 @@
 */
 
 $cid = get_input_value('_cid', RCUBE_INPUT_POST);
-$return_action = empty($cid) ? 'add' : 'show';
+$return_action = empty($cid) ? 'add' : 'edit';
 
 // cannot edit record
-if ($CONTACTS->readonly)
-{
+if ($CONTACTS->readonly) {
   $OUTPUT->show_message('contactreadonly', 'error');
   rcmail_overwrite_action($return_action);
   return;
 }
 
-// check input
-if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST)))
-{
+// Basic input checks
+if ((!get_input_value('_name', RCUBE_INPUT_POST) || !get_input_value('_email', RCUBE_INPUT_POST))) {
   $OUTPUT->show_message('formincomplete', 'warning');
   rcmail_overwrite_action($return_action);
   return;
@@ -44,20 +42,27 @@ $a_save_cols = array('name', 'firstname', 'surname', 'email');
 $a_record = array();
 
 // read POST values into hash array
-foreach ($a_save_cols as $col)
-{
+foreach ($a_save_cols as $col) {
   $fname = '_'.$col;
   if (isset($_POST[$fname]))
     $a_record[$col] = get_input_value($fname, RCUBE_INPUT_POST);
 }
 
+// Validity checks
+$_email = idn_to_ascii($a_record['email']);
+if (!check_email($_email, false)) {
+  $OUTPUT->show_message('emailformaterror', 'warning', array('email' => $_email));
+  rcmail_overwrite_action($return_action);
+  return;
+}
+
 // update an existing contact
 if (!empty($cid))
 {
   $plugin = $RCMAIL->plugins->exec_hook('contact_update',
     array('id' => $cid, 'record' => $a_record, 'source' => get_input_value('_source', RCUBE_INPUT_GPC)));
   $a_record = $plugin['record'];
-  
+
   if (!$plugin['abort'])
     $result = $CONTACTS->update($cid, $a_record);
   else
@@ -70,7 +75,7 @@ if (!empty($cid))
       // change cid in POST for 'show' action
       $_POST['_cid'] = $newcid;
     }
-    
+
     // define list of cols to be displayed
     $a_js_cols = array();
     $record = $CONTACTS->get_record($newcid ? $newcid : $cid, true);
@@ -80,7 +85,7 @@ if (!empty($cid))
 
     // update the changed col in list
     $OUTPUT->command('parent.update_contact_row', $cid, $a_js_cols, $newcid);
-      
+
     // show confirmation
     $OUTPUT->show_message('successfullysaved', 'confirmation', null, false);
     rcmail_overwrite_action('show');
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index d46db8ece..613a63e39 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -29,13 +29,23 @@ $CONTACTS = $RCMAIL->get_address_book(null, true);
 if (!empty($_POST['_address']) && is_object($CONTACTS))
 {
   $contact_arr = $IMAP->decode_address_list(get_input_value('_address', RCUBE_INPUT_POST, true), 1, false);
-  
+
   if (!empty($contact_arr[1]['mailto'])) {
     $contact = array(
       'email' => $contact_arr[1]['mailto'],
       'name' => $contact_arr[1]['name']
     );
 
+    // Validity checks
+    if (empty($contact['email'])) {
+      $OUTPUT->show_message('errorsavingcontact', 'error');
+      $OUTPUT->send();
+    }
+    else if (!check_email($contact['email'], false)) {
+      $OUTPUT->show_message('emailformaterror', 'error', array('email' => $contact['email']));
+      $OUTPUT->send();
+    }
+
     $contact['email'] = idn_to_utf8($contact['email']);
 
     // use email address part for name
@@ -60,7 +70,7 @@ if (!empty($_POST['_address']) && is_object($CONTACTS))
 }
 
 if (!$done)
-  $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'warning');
+  $OUTPUT->show_message($plugin['message'] ? $plugin['message'] : 'errorsavingcontact', 'error');
 
 $OUTPUT->send();
 
-- 
cgit v1.2.3