X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fabook_local_file.php;h=61b0e0ce1be5aae08cba7f6ef73f2ce5ea05a765;hb=15d49d77d5662688595997ad6386d670b58b4499;hp=b91af2bc1b5a29ac9fc730d28593c5d5e5cf7c66;hpb=01265fbab60e51c5d97f55cfefe5888abb383ae9;p=squirrelmail.git

diff --git a/functions/abook_local_file.php b/functions/abook_local_file.php
index b91af2bc..61b0e0ce 100644
--- a/functions/abook_local_file.php
+++ b/functions/abook_local_file.php
@@ -3,7 +3,7 @@
 /**
  * abook_local_file.php
  *
- * Copyright (c) 1999-2002 The SquirrelMail Project Team
+ * Copyright (c) 1999-2003 The SquirrelMail Project Team
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
  * Backend for addressbook as a pipe separated file
@@ -135,18 +135,29 @@ class abook_local_file extends addressbook_backend {
      * NOTE! Previous locks are broken by this function */
     function overwrite(&$rows) {
         $this->unlock();
-        $newfh = @fopen($this->filename, 'w');
+        $newfh = @fopen($this->filename.'.tmp', 'w');
+
         if(!$newfh) {
-            return $this->set_error("$file: " . _("Open failed"));
+            return $this->set_error($this->filename. '.tmp:' . _("Open failed"));
         }
         
-        for($i = 0 ; $i < sizeof($rows) ; $i++) {
+        for($i = 0, $cnt=sizeof($rows) ; $i < $cnt ; $i++) {
             if(is_array($rows[$i])) {
-                fwrite($newfh, join('|', $rows[$i]) . "\n");
+                for($j = 0, $cnt_part=count($rows[$i]) ; $j < $cnt_part ; $j++) {
+                    $rows[$i][$j] = $this->quotevalue($rows[$i][$j]);
+                }
+                $tmpwrite = @fwrite($newfh, join('|', $rows[$i]) . "\n");
+                if ($tmpwrite == -1) {
+                    return $this->set_error($this->filename . '.tmp:' . _("Write failed"));
+                }
             }
         }       
 
         fclose($newfh);
+        if (!@copy($this->filename . '.tmp' , $this->filename)) {
+          return $this->set_error($this->filename . ':' . _("Unable to update"));
+        }
+        @unlink($this->filename . '.tmp');
         $this->unlock();
         $this->open(true);
         return true;
@@ -247,9 +258,12 @@ class abook_local_file extends addressbook_backend {
         }
   
         /* Here is the data to write */
-        $data = $userdata['nickname'] . '|' . $userdata['firstname'] . '|' .
-                $userdata['lastname'] . '|' . $userdata['email'] . '|' .
-                $userdata['label'];
+        $data = $this->quotevalue($userdata['nickname']) . '|' .
+                $this->quotevalue($userdata['firstname']) . '|' .
+                $this->quotevalue($userdata['lastname']) . '|' .
+                $this->quotevalue($userdata['email']) . '|' .
+                $this->quotevalue($userdata['label']);
+
         /* Strip linefeeds */
         $data = ereg_replace("[\r\n]", ' ', $data);
         /* Add linefeed at end */
@@ -359,5 +373,15 @@ class abook_local_file extends addressbook_backend {
         return true;
     }
      
+    /* Function for quoting values before saving */
+    function quotevalue($value) {
+        /* Quote the field if it contains | or ". Double quotes need to
+         * be replaced with "" */
+        if(ereg("[|\"]", $value)) {
+            $value = '"' . str_replace('"', '""', $value) . '"';
+        }
+        return $value;
+    }
+
 } /* End of class abook_local_file */
 ?>
\ No newline at end of file