X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=functions%2Faddressbook.php;h=d35e9eeaeee0c23548a0d11766565cd655399c56;hb=f171f05a946fd875802d3cc8e41147a9bfeb7e3a;hp=f92a951dfd8220acbd5722aa59fab17402187eca;hpb=f8a1ed5aa365d515e4e2ac3602f900bfb9447fce;p=squirrelmail.git
diff --git a/functions/addressbook.php b/functions/addressbook.php
index f92a951d..d35e9eea 100644
--- a/functions/addressbook.php
+++ b/functions/addressbook.php
@@ -1,12 +1,12 @@
error, because message explains error.
$abook_init_error.=sprintf( _("Error opening file %s"), $filename );
}
-
}
/* Global file based addressbook */
@@ -131,7 +130,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
* hook allows to include different address book backends.
* plugins should extract $abook and $r from arguments
* and use same add_backend commands as above functions.
- * @since 1.5.1
+ * @since 1.5.1 and 1.4.5
*/
$hookReturn = do_hook('abook_init', $abook, $r);
$abook = $hookReturn[1];
@@ -147,7 +146,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
if (!$r && $showerr) {
if ($abook_init_error!='') $abook_init_error.="
\n";
$abook_init_error.=sprintf(_("Error initializing LDAP server %s:") .
- "
\n", $param['host']);
+ "
\n", $param['host']);
$abook_init_error.= $abook->error;
}
}
@@ -161,6 +160,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
if ($abook_init_error!='' && $showerr) {
error_box($abook_init_error,$color);
}
+
/* Return the initialized object */
return $abook;
}
@@ -190,7 +190,7 @@ function abook_create_form($form_url,$name,$title,$button,$defdata=array()) {
}
-/*
+/**
* Had to move this function outside of the Addressbook Class
* PHP 4.0.4 Seemed to be having problems with inline functions.
* Note: this can return now since we don't support 4.0.4 anymore.
@@ -414,6 +414,14 @@ function show_abook_sort_button($abook_sort_order, $alt_tag, $Down, $Up ) {
* @subpackage addressbook
*/
class AddressBook {
+
+ /*
+ Cleaning errors from html with htmlspecialchars:
+ Errors from the backend are cleaned up in this class because we not always
+ have control over it when error output is generated in the backend.
+ If this appears to be wrong place then clean it up at the source (the backend)
+ */
+
/**
* Enabled address book backends
* @var array
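Review bot: The new class comment says backend errors are cleaned in this class, but it does not say that `$this->error` holds HTML-encoded text as a result. Consider adding a sentence such as `$this->error is HTML-escaped when it is stored; print it as-is and do not escape it again.` so that callers neither double-encode it nor treat it as plain text for logging. The code that sets `$abook->error` when a backend fails to initialise is not part of this diff, and `addressbook_init()` appends that value to `$abook_init_error` before `error_box()`, so it is worth confirming that path is escaped as well.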
@@ -439,6 +447,20 @@ class AddressBook {
* @var string
*/
var $localbackendname = '';
+ /**
+ * Controls use of 'extra' field
+ *
+ * Extra field can be used to add link to form, which allows
+ * to modify all fields supported by backend. This is the only field
+ * that is not sanitized with htmlspecialchars. Backends MUST make
+ * sure that field data is sanitized and displayed correctly inside
+ * table cell. Use of html formating in other address book fields is
+ * not allowed. Backends that don't return 'extra' row in address book
+ * data should not modify this object property.
+ * @var boolean
+ * @since 1.5.1
+ */
+ var $add_extra_field = false;
/**
* Constructor function.
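Review bot: The docblock for `$add_extra_field` makes 'extra' the one field rendered without htmlspecialchars and leaves sanitising to each backend, so the wording should say exactly what a backend may put there. Something like `Backends must build 'extra' only from markup they generate themselves and must escape every stored or user-supplied value placed inside it.` is harder to misread than "sanitized". The rendering code is outside this diff; it should emit 'extra' only when `$add_extra_field` is true, so that a backend which keeps the default cannot pass markup through a stray 'extra' key.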
@@ -542,7 +564,7 @@ class AddressBook {
if (is_array($res)) {
$ret = array_merge($ret, $res);
} else {
- $this->error .= "
\n" . $backend->error;
+ $this->error .= "
\n" . htmlspecialchars($backend->error);
$failed++;
}
}
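Review bot: `htmlspecialchars($backend->error)` is called with default flags and charset. On PHP versions before 8.1 the default ENT_COMPAT leaves single quotes unescaped, and the charset follows the PHP default rather than the page's. If the message can ever end up in an attribute value, pass the flags explicitly, e.g. `htmlspecialchars($backend->error, ENT_QUOTES)`, or route all of these calls through one small helper so the policy lives in one place. The same call is repeated in the hunks at -558, -599, -613, -643, -693, -730 and -785. The enclosing method starts and ends outside this hunk.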
@@ -558,7 +580,7 @@ class AddressBook {
$ret = $this->backends[$bnum]->search($expression);
if (!is_array($ret)) {
- $this->error .= "
\n" . $this->backends[$bnum]->error;
+ $this->error .= "
\n" . htmlspecialchars($this->backends[$bnum]->error);
$ret = FALSE;
}
}
@@ -599,7 +621,7 @@ class AddressBook {
if (is_array($res)) {
return $res;
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
}
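Review bot: Besides adding the escaping, this line switches the error source from `$backend->error` to `$this->backends[$bnum]->error`, which is a separate behaviour change and deserves a mention in the commit message. The hunk does not show where `$bnum` is validated. Please confirm the branch is only reached after an `isset($this->backends[$bnum])` check, otherwise the dereference fails before any error is recorded. The function starts outside the hunk.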
@@ -613,7 +635,7 @@ class AddressBook {
if(!empty($res))
return $res;
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($backend->error);
return false;
}
}
@@ -643,7 +665,7 @@ class AddressBook {
if (is_array($res)) {
$ret = array_merge($ret, $res);
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($backend->error);
return false;
}
}
@@ -693,7 +715,7 @@ class AddressBook {
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
@@ -730,7 +752,7 @@ class AddressBook {
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
@@ -785,7 +807,7 @@ class AddressBook {
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
@@ -856,6 +878,10 @@ class addressbook_backend {
/**
* Search for entries in backend
+ *
+ * Working backend should support use of wildcards. * symbol
+ * should match one or more symbols. ? symbol should match any
+ * single symbol.
* @param string $expression
* @return bool
*/
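Review bot: The docblock still says `@return bool`, while AddressBook tells success from failure with `is_array()` on the value returned by `search()`, as the hunk at -558 shows. Document the real contract, e.g. `@return array|boolean list of matching entries, or false on error (message in $this->error)`. The same applies to `list_addr()` in the next hunk, whose added text already speaks of returning an empty array while its tag stays `@return bool`. The function bodies are outside both hunks.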
@@ -876,6 +902,9 @@ class addressbook_backend {
/**
* List all entries in backend
+ *
+ * Working backend should provide this function or at least
+ * dummy function that returns empty array.
* @return bool
*/
function list_addr() {
@@ -925,8 +954,8 @@ require_once(SM_PATH . 'functions/abook_ldap_server.php');
/* Only load database backend if database is configured */
if((isset($addrbook_dsn) && !empty($addrbook_dsn)) ||
- (isset($addrbook_global_dsn) && !empty($addrbook_global_dsn)) ) {
- include_once(SM_PATH . 'functions/abook_database.php');
+ (isset($addrbook_global_dsn) && !empty($addrbook_global_dsn))) {
+ include_once(SM_PATH . 'functions/abook_database.php');
}
/*
@@ -934,8 +963,8 @@ if((isset($addrbook_dsn) && !empty($addrbook_dsn)) ||
* class must follow address book class coding standards.
*
* see addressbook_backend class and functions/abook_*.php files.
- * @since 1.5.1
+ * @since 1.5.1 and 1.4.5
*/
do_hook('abook_add_class');
-?>
\ No newline at end of file
+?>