Happy New Year

[squirrelmail.git] / functions / addressbook.php

diff --git a/functions/addressbook.php b/functions/addressbook.php
index 0c68958d225c623c99938a60addbeff64a61f451..baa1c606dfd66ca5ce790723d9bf0de61756c77a 100644 (file)
--- a/functions/addressbook.php
+++ b/functions/addressbook.php
@@ -4,7 +4,7 @@
  *
  * Functions require SM_PATH and support of forms.php functions
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2021 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -54,6 +54,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
         /* File */
         $filename = getHashedFile($username, $data_dir, "$username.abook");
         $r = $abook->add_backend('local_file', Array('filename' => $filename,
+                                                     'umask' => 0077,
                                                      'line_length' => $abook_file_line_length,
                                                      'create'   => true));
         if(!$r && $showerr) {
@@ -140,7 +141,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
     /* Load configured LDAP servers (if PHP has LDAP support) */
     if (isset($ldap_server) && is_array($ldap_server)) {
         reset($ldap_server);
-        while (list($undef,$param) = each($ldap_server)) {
+        foreach ($ldap_server as $param) {
             if (!is_array($param))
                 continue;
 
@@ -161,7 +162,7 @@ function addressbook_init($showerr = true, $onlylocal = false) {
      * display address book init errors.
      */
     if ($abook_init_error!='' && $showerr) {
-        error_box(nl2br(htmlspecialchars($abook_init_error)));
+        error_box(nl2br(sm_encode_html_special_chars($abook_init_error)));
     }
 
     /* Return the initialized object */
@@ -191,7 +192,7 @@ function abook_create_form($form_url, $name, $title, $button,
 
     global $oTemplate;
 
-    $output = addForm($form_url, 'post', 'f_add');
+    $output = addForm($form_url, 'post', 'f_add', '', '', array(), TRUE);
 
     if ($button == _("Update address")) {
         $edit = true;
@@ -250,7 +251,7 @@ function getWritableBackends () {
     
     $write = array();
     $backends = $abook->get_backend_list();
-    while (list($undef,$v) = each($backends)) {
+    foreach ($backends as $v) {
         if ($v->writeable) {
             $write[$v->bnum]=$v->sname;
         }
@@ -413,7 +414,7 @@ class AddressBook {
      *
      * Extra field can be used to add link to form, which allows
      * to modify all fields supported by backend. This is the only field
-     * that is not sanitized with htmlspecialchars. Backends MUST make
+     * that is not sanitized with sm_encode_html_special_chars. Backends MUST make
      * sure that field data is sanitized and displayed correctly inside
      * table cell. Use of html formating in other address book fields is
      * not allowed. Backends that don't return 'extra' row in address book
@@ -424,12 +425,19 @@ class AddressBook {
     var $add_extra_field = false;
 
     /**
-     * Constructor function.
+     * Constructor (PHP5 style, required in some future version of PHP)
      */
-    function AddressBook() {
+    function __construct() {
         $this->localbackendname = _("Personal Address Book");
     }
 
+    /**
+     * Constructor (PHP4 style, kept for compatibility reasons)
+     */
+    function AddressBook() {
+        self::__construct();
+    }
+
     /**
      * Return an array of backends of a given type,
      * or all backends if no type is specified.
@@ -513,15 +521,28 @@ class AddressBook {
      * @param array $row address book entry
      * @return string email address with real name prepended
      */
-    function full_address($row) {
-        global $data_dir, $username;
-        $addrsrch_fullname = getPref($data_dir, $username, 'addrsrch_fullname');
-        if ($addrsrch_fullname == 'fullname')
-            return $row['name'] . ' <' . trim($row['email']) . '>';
-        else if ($addrsrch_fullname == 'nickname')
-            return $row['nickname'] . ' <' . trim($row['email']) . '>';
-        else // "noprefix"
-            return trim($row['email']);
+    static function full_address($row) {
+        global $data_dir, $username, $addrsrch_fullname;
+
+        // allow multiple addresses in one row (poor person's grouping - bah)
+        // (separate with commas)
+        //
+        $return = '';
+        $addresses = explode(',', $row['email']);
+        foreach ($addresses as $address) {
+            
+            if (!empty($return)) $return .= ', ';
+
+            if ($addrsrch_fullname == 'fullname')
+                $return .= '"' . $row['name'] . '" <' . trim($address) . '>';
+            else if ($addrsrch_fullname == 'nickname')
+                $return .= '"' . $row['nickname'] . '" <' . trim($address) . '>';
+            else // "noprefix"
+                $return .= trim($address);
+
+        }
+
+        return $return;
     }
 
     /**
@@ -717,7 +738,7 @@ class AddressBook {
         }
 
         /* Blocks use of space, :, |, #, " and ! in nickname */
-        if (eregi('[ \\:\\|\\#\\"\\!]', $userdata['nickname'])) {
+        if (preg_match('/[ :|#"!]/', $userdata['nickname'])) {
             $this->error = _("Nickname contains illegal characters");
             return false;
         }
@@ -817,7 +838,7 @@ class AddressBook {
             return false;
         }
 
-        if (eregi('[\\: \\|\\#"\\!]', $userdata['nickname'])) {
+        if (preg_match('/[: |#"!]/', $userdata['nickname'])) {
             $this->error = _("Nickname contains illegal characters");
             return false;
         }
@@ -943,7 +964,7 @@ class addressbook_backend {
      *               not found, or false if an error occured.
      *
      */
-    function lookup($value, $field) {
+    function lookup($value, $field=SM_ABOOK_FIELD_NICKNAME) {
         $this->set_error('lookup is not implemented');
         return false;
     }