Add extra checks in In-Reply-To header generation. Removes E_NOTICE level

[squirrelmail.git] / functions / addressbook.php

diff --git a/functions/addressbook.php b/functions/addressbook.php
index 90de7dab7a625cfbec275b182a762747b89163c6..9642b08db9b18de3dd08acdfb294bdd41331bb3b 100644 (file)
--- a/functions/addressbook.php
+++ b/functions/addressbook.php
@@ -1,4 +1,5 @@
 <?php
+
 /**
  * functions/addressbook.php - Functions and classes for the addressbook system
  *
@@ -27,7 +28,7 @@ global $addrbook_dsn, $addrbook_global_dsn;
 
 /**
  * Create and initialize an addressbook object.
- * @param boolean $showerr display any address book init errors. html page header 
+ * @param boolean $showerr display any address book init errors. html page header
  * must be created before calling addressbook_init() with $showerr enabled.
  * @param boolean $onlylocal enable only local address book backends
  * @return object address book object.
@@ -69,11 +70,10 @@ function addressbook_init($showerr = true, $onlylocal = false) {
             // no need to use $abook->error, because message explains error.
             $abook_init_error.=sprintf( _("Error opening file %s"), $filename );
         }
-
     }
 
     /* Global file based addressbook */
-    if (isset($abook_global_file) && 
+    if (isset($abook_global_file) &&
         isset($abook_global_file_writeable) &&
         isset($abook_global_file_listing) &&
         trim($abook_global_file)!=''){
@@ -81,7 +81,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
         // Detect place of address book
         if (! preg_match("/[\/\\\]/",$abook_global_file)) {
             /* no path chars, address book stored in data directory
-             * make sure that there is a slash between data directory 
+             * make sure that there is a slash between data directory
              * and address book file name
              */
             $abook_global_filename=$data_dir
@@ -131,7 +131,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
      * hook allows to include different address book backends.
      * plugins should extract $abook and $r from arguments
      * and use same add_backend commands as above functions.
-     * @since 1.5.1
+     * @since 1.5.1 and 1.4.5
      */
     $hookReturn = do_hook('abook_init', $abook, $r);
     $abook = $hookReturn[1];
@@ -147,7 +147,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
                     if (!$r && $showerr) {
                         if ($abook_init_error!='') $abook_init_error.="<br />\n";
                         $abook_init_error.=sprintf(_("Error initializing LDAP server %s:") .
-                                                   "<br />\n", $param['host']);
+                                "<br />\n", $param['host']);
                         $abook_init_error.= $abook->error;
                     }
                 }
@@ -161,6 +161,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
     if ($abook_init_error!='' && $showerr) {
         error_box($abook_init_error,$color);
     }
+
     /* Return the initialized object */
     return $abook;
 }
@@ -190,7 +191,7 @@ function abook_create_form($form_url,$name,$title,$button,$defdata=array()) {
 }
 
 
-/*
+/**
  *   Had to move this function outside of the Addressbook Class
  *   PHP 4.0.4 Seemed to be having problems with inline functions.
  *   Note: this can return now since we don't support 4.0.4 anymore.
@@ -414,6 +415,14 @@ function show_abook_sort_button($abook_sort_order, $alt_tag, $Down, $Up ) {
  * @subpackage addressbook
  */
 class AddressBook {
+
+    /*
+       Cleaning errors from html with htmlspecialchars:
+       Errors from the backend are cleaned up in this class because we not always
+       have control over it when error output is generated in the backend.
+       If this appears to be wrong place then clean it up at the source (the backend)
+    */
+
     /**
      * Enabled address book backends
      * @var array
@@ -542,7 +551,7 @@ class AddressBook {
                 if (is_array($res)) {
                     $ret = array_merge($ret, $res);
                 } else {
-                    $this->error .= "<br />\n" . $backend->error;
+                    $this->error .= "<br />\n" . htmlspecialchars($backend->error);
                     $failed++;
                 }
             }
@@ -558,7 +567,7 @@ class AddressBook {
 
             $ret = $this->backends[$bnum]->search($expression);
             if (!is_array($ret)) {
-                $this->error .= "<br />\n" . $this->backends[$bnum]->error;
+                $this->error .= "<br />\n" . htmlspecialchars($this->backends[$bnum]->error);
                 $ret = FALSE;
             }
         }
@@ -599,7 +608,7 @@ class AddressBook {
             if (is_array($res)) {
                return $res;
             } else {
-               $this->error = $backend->error;
+               $this->error = htmlspecialchars($backend->error);
                return false;
             }
         }
@@ -613,7 +622,7 @@ class AddressBook {
                if(!empty($res))
               return $res;
             } else {
-               $this->error = $backend->error;
+               $this->error = htmlspecialchars($backend->error);
                return false;
             }
         }
@@ -643,7 +652,7 @@ class AddressBook {
             if (is_array($res)) {
                $ret = array_merge($ret, $res);
             } else {
-               $this->error = $backend->error;
+               $this->error = htmlspecialchars($backend->error);
                return false;
             }
         }
@@ -693,7 +702,7 @@ class AddressBook {
         if ($res) {
             return $bnum;
         } else {
-            $this->error = $this->backends[$bnum]->error;
+            $this->error = htmlspecialchars($this->backends[$bnum]->error);
             return false;
         }
 
@@ -730,7 +739,7 @@ class AddressBook {
         if ($res) {
             return $bnum;
         } else {
-            $this->error = $this->backends[$bnum]->error;
+            $this->error = htmlspecialchars($this->backends[$bnum]->error);
             return false;
         }
 
@@ -785,7 +794,7 @@ class AddressBook {
         if ($res) {
             return $bnum;
         } else {
-            $this->error = $this->backends[$bnum]->error;
+            $this->error = htmlspecialchars($this->backends[$bnum]->error);
             return false;
         }
 
@@ -856,6 +865,10 @@ class addressbook_backend {
 
     /**
      * Search for entries in backend
+     *
+     * Working backend should support use of wildcards. * symbol 
+     * should match one or more symbols. ? symbol should match any
+     * single symbol.  
      * @param string $expression
      * @return bool
      */
@@ -876,6 +889,9 @@ class addressbook_backend {
 
     /**
      * List all entries in backend
+     *
+     * Working backend should provide this function or at least
+     * dummy function that returns empty array.
      * @return bool
      */
     function list_addr() {
@@ -925,8 +941,8 @@ require_once(SM_PATH . 'functions/abook_ldap_server.php');
 
 /* Only load database backend if database is configured */
 if((isset($addrbook_dsn) && !empty($addrbook_dsn)) ||
- (isset($addrbook_global_dsn) && !empty($addrbook_global_dsn)) ) {
-  include_once(SM_PATH . 'functions/abook_database.php');
+        (isset($addrbook_global_dsn) && !empty($addrbook_global_dsn))) {
+    include_once(SM_PATH . 'functions/abook_database.php');
 }
 
 /*
@@ -934,7 +950,7 @@ if((isset($addrbook_dsn) && !empty($addrbook_dsn)) ||
  * class must follow address book class coding standards.
  *
  * see addressbook_backend class and functions/abook_*.php files.
- * @since 1.5.1
+ * @since 1.5.1 and 1.4.5
  */
 do_hook('abook_add_class');