*
* Functions require SM_PATH and support of forms.php functions
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2014 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/* File */
$filename = getHashedFile($username, $data_dir, "$username.abook");
$r = $abook->add_backend('local_file', Array('filename' => $filename,
+ 'umask' => 0077,
'line_length' => $abook_file_line_length,
'create' => true));
if(!$r && $showerr) {
* display address book init errors.
*/
if ($abook_init_error!='' && $showerr) {
- error_box(nl2br(htmlspecialchars($abook_init_error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook_init_error)));
}
/* Return the initialized object */
global $oTemplate;
- $output = addForm($form_url, 'post', 'f_add');
+ $output = addForm($form_url, 'post', 'f_add', '', '', array(), TRUE);
if ($button == _("Update address")) {
$edit = true;
*
* Extra field can be used to add link to form, which allows
* to modify all fields supported by backend. This is the only field
- * that is not sanitized with htmlspecialchars. Backends MUST make
+ * that is not sanitized with sm_encode_html_special_chars. Backends MUST make
* sure that field data is sanitized and displayed correctly inside
* table cell. Use of html formating in other address book fields is
* not allowed. Backends that don't return 'extra' row in address book
* @return string email address with real name prepended
*/
function full_address($row) {
- global $data_dir, $username;
- $addrsrch_fullname = getPref($data_dir, $username, 'addrsrch_fullname');
- if ($addrsrch_fullname == 'fullname')
- return $row['name'] . ' <' . trim($row['email']) . '>';
- else if ($addrsrch_fullname == 'nickname')
- return $row['nickname'] . ' <' . trim($row['email']) . '>';
- else // "noprefix"
- return trim($row['email']);
+ global $data_dir, $username, $addrsrch_fullname;
+
+ // allow multiple addresses in one row (poor person's grouping - bah)
+ // (separate with commas)
+ //
+ $return = '';
+ $addresses = explode(',', $row['email']);
+ foreach ($addresses as $address) {
+
+ if (!empty($return)) $return .= ', ';
+
+ if ($addrsrch_fullname == 'fullname')
+ $return .= '"' . $row['name'] . '" <' . trim($address) . '>';
+ else if ($addrsrch_fullname == 'nickname')
+ $return .= '"' . $row['nickname'] . '" <' . trim($address) . '>';
+ else // "noprefix"
+ $return .= trim($address);
+
+ }
+
+ return $return;
}
/**
* of the SM_ABOOK_FIELD_* constants
* defined in include/constants.php
* (OPTIONAL; defaults to nickname field)
+ * NOTE: uniqueness is only guaranteed
+ * when the nickname field is used here;
+ * otherwise, the first matching address
+ * is returned.
*
* @return mixed Array with lookup results when the value
* was found, an empty array if the value was
}
/* Blocks use of space, :, |, #, " and ! in nickname */
- if (eregi('[ \\:\\|\\#\\"\\!]', $userdata['nickname'])) {
+ if (preg_match('/[ :|#"!]/', $userdata['nickname'])) {
$this->error = _("Nickname contains illegal characters");
return false;
}
return false;
}
- if (eregi('[\\: \\|\\#"\\!]', $userdata['nickname'])) {
+ if (preg_match('/[: |#"!]/', $userdata['nickname'])) {
$this->error = _("Nickname contains illegal characters");
return false;
}
* @param integer $field The field to look in, should be one
* of the SM_ABOOK_FIELD_* constants
* defined in include/constants.php
+ * NOTE: uniqueness is only guaranteed
+ * when the nickname field is used here;
+ * otherwise, the first matching address
+ * is returned.
*
* @return mixed Array with lookup results when the value
* was found, an empty array if the value was
* not found, or false if an error occured.
*
*/
- function lookup($value, $field) {
+ function lookup($value, $field=SM_ABOOK_FIELD_NICKNAME) {
$this->set_error('lookup is not implemented');
return false;
}