X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Fabook_local_file.php;h=8830766a26e8a66560b40906fdc9abb6ca8f9e56;hb=7c9282351769197871dc037e631c56710f3d8a72;hp=f72796b496dfb2edb5ea7e12d9ad0a5eda463152;hpb=503c7650d1e4178c3c7888d95dcae3777a93861e;p=squirrelmail.git

diff --git a/functions/abook_local_file.php b/functions/abook_local_file.php
index f72796b4..8830766a 100644
--- a/functions/abook_local_file.php
+++ b/functions/abook_local_file.php
@@ -3,7 +3,7 @@
 /**
  * abook_local_file.php
  *
- * @copyright &copy; 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2017 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -92,11 +92,11 @@ class abook_local_file extends addressbook_backend {
     /* ========================== Private ======================= */
 
     /**
-     * Constructor
+     * Constructor (PHP5 style, required in some future version of PHP)
      * @param array $param backend options
      * @return bool
      */
-    function abook_local_file($param) {
+    function __construct($param) {
         $this->sname = _("Personal Address Book");
         $this->umask = Umask();
 
@@ -139,6 +139,15 @@ class abook_local_file extends addressbook_backend {
         }
     }
 
+    /**
+     * Constructor (PHP4 style, kept for compatibility reasons)
+     * @param array $param backend options
+     * @return bool
+     */
+    function abook_local_file($param) {
+        return self::__construct($param);
+    }
+
     /**
      * Open the addressbook file and store the file pointer.
      * Use $file as the file to open, or the class' own
@@ -151,7 +160,7 @@ class abook_local_file extends addressbook_backend {
         $this->error = '';
         $file   = $this->filename;
         $create = $this->create;
-        $fopenmode = (($this->writeable && is_writable($file)) ? 'a+' : 'r');
+        $fopenmode = (($this->writeable && sq_is_writable($file)) ? 'a+' : 'r');
 
         /* Return true is file is open and $new is unset */
         if($this->filehandle && !$new) {
@@ -252,6 +261,7 @@ class abook_local_file extends addressbook_backend {
           return $this->set_error($this->filename . ':' . _("Unable to update"));
         }
         @unlink($this->filename . '.tmp');
+        @chmod($this->filename, 0600);
         $this->unlock();
         $this->open(true);
         return true;
@@ -273,10 +283,9 @@ class abook_local_file extends addressbook_backend {
         if ($expr=='*' && ! $this->listing)
             return array();
 
-        /* Make regexp from glob'ed expression
-         * May want to quote other special characters like (, ), -, [, ], etc. */
-        $expr = str_replace('?', '.', $expr);
-        $expr = str_replace('*', '.*', $expr);
+        // Make regexp from glob'ed expression
+        $expr = preg_quote($expr);
+        $expr = str_replace(array('\\?', '\\*'), array('.', '.*'), $expr);
 
         $res = array();
         if(!$this->open()) {
@@ -294,13 +303,15 @@ class abook_local_file extends addressbook_backend {
                 $oTemplate->display('footer.tpl');
                 die();
             } else {
-                $line = join(' ', $row);
                 /**
                  * TODO: regexp search is supported only in local_file backend.
                  * Do we check format of regexp or ignore errors?
                  */
-                // errors on eregi call are suppressed in order to prevent display of regexp compilation errors
-                if(@eregi($expr, $line)) {
+                // errors on preg_match call are suppressed in order to prevent display of regexp compilation errors
+                if (@preg_match('/' . $expr . '/i', $row[0])    // nickname
+                 || @preg_match('/' . $expr . '/i', $row[1])    // firstname
+                 || @preg_match('/' . $expr . '/i', $row[2])    // lastname
+                 || @preg_match('/' . $expr . '/i', $row[3])) { // email
                     array_push($res, array('nickname'  => $row[0],
                         'name'      => $this->fullname($row[1], $row[2]),
                         'firstname' => $row[1],
@@ -324,6 +335,10 @@ class abook_local_file extends addressbook_backend {
      *                       of the SM_ABOOK_FIELD_* constants
      *                       defined in include/constants.php
      *                       (OPTIONAL; defaults to nickname field)
+     *                       NOTE: uniqueness is only guaranteed
+     *                       when the nickname field is used here;
+     *                       otherwise, the first matching address
+     *                       is returned.
      *
      * @return array Array with lookup results when the value
      *               was found, an empty array if the value was
@@ -428,7 +443,8 @@ class abook_local_file extends addressbook_backend {
                 $this->quotevalue((!empty($userdata['label'])?$userdata['label']:''));
 
         /* Strip linefeeds */
-        $data = ereg_replace("[\r\n]", ' ', $data);
+        $nl_str = array("\r","\n");
+        $data = str_replace($nl_str, ' ', $data);
 
         /**
          * Make sure that entry fits into allocated record space.
@@ -583,7 +599,7 @@ class abook_local_file extends addressbook_backend {
     function quotevalue($value) {
         /* Quote the field if it contains | or ". Double quotes need to
          * be replaced with "" */
-        if(ereg("[|\"]", $value)) {
+        if(stristr($value, '"') || stristr($value, '|')) {
             $value = '"' . str_replace('"', '""', $value) . '"';
         }
         return $value;