/**
* functions/addressbook.php - Functions and classes for the addressbook system
*
- * Copyright (c) 1999-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
* Functions require SM_PATH and support of forms.php functions
*
+ * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @subpackage addressbook
}
-/*
+/**
* Had to move this function outside of the Addressbook Class
* PHP 4.0.4 Seemed to be having problems with inline functions.
* Note: this can return now since we don't support 4.0.4 anymore.
* @subpackage addressbook
*/
class AddressBook {
+
+ /*
+ Cleaning errors from html with htmlspecialchars:
+ Errors from the backend are cleaned up in this class because we not always
+ have control over it when error output is generated in the backend.
+ If this appears to be wrong place then clean it up at the source (the backend)
+ */
+
/**
* Enabled address book backends
* @var array
* @var string
*/
var $localbackendname = '';
+ /**
+ * Controls use of 'extra' field
+ *
+ * Extra field can be used to add link to form, which allows
+ * to modify all fields supported by backend. This is the only field
+ * that is not sanitized with htmlspecialchars. Backends MUST make
+ * sure that field data is sanitized and displayed correctly inside
+ * table cell. Use of html formating in other address book fields is
+ * not allowed. Backends that don't return 'extra' row in address book
+ * data should not modify this object property.
+ * @var boolean
+ * @since 1.5.1
+ */
+ var $add_extra_field = false;
/**
* Constructor function.
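Review bot: The docblock for `$add_extra_field` says 'extra' is the only field not passed through htmlspecialchars and that backends "MUST make sure that field data is sanitized", but it does not say what a backend must escape, so each backend author is left to guess the contract. State it explicitly, for example `* Every value taken from stored or user-supplied address data must be escaped with htmlspecialchars() before it is placed in 'extra'; only markup generated by the backend itself may remain unescaped.` Since the property is a plain `var`, any code holding the object can turn it on, so the comment should also say which code is expected to set it. The code that actually renders 'extra' is not in this hunk, so how the flag is consumed cannot be checked here.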
if (is_array($res)) {
$ret = array_merge($ret, $res);
} else {
- $this->error .= "<br />\n" . $backend->error;
+ $this->error .= "<br />\n" . htmlspecialchars($backend->error);
$failed++;
}
}
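Review bot: `htmlspecialchars($backend->error)` is called with a single argument here and in the seven later hunks that assign `$this->error`, so it runs with the default quote style and charset. On PHP versions where the default is ENT_COMPAT, single quotes are left unescaped, which only holds if the message is never placed inside a single-quoted attribute. Passing the flags explicitly, e.g. `htmlspecialchars($backend->error, ENT_QUOTES)`, and doing it in one small private helper rather than at eight call sites, would keep a future error path from missing the escaping. In this hunk the escaped text is appended after a literal `<br />`, so `$this->error` becomes an HTML fragment; a comment on the property saying callers must print it without escaping it again would prevent double encoding. The enclosing function starts and ends outside the hunk.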
$ret = $this->backends[$bnum]->search($expression);
if (!is_array($ret)) {
- $this->error .= "<br />\n" . $this->backends[$bnum]->error;
+ $this->error .= "<br />\n" . htmlspecialchars($this->backends[$bnum]->error);
$ret = FALSE;
}
}
if (is_array($res)) {
return $res;
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
}
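Review bot: The replacement line changes the source of the message as well as escaping it: the removed line read `$backend->error`, while the added line reads `$this->backends[$bnum]->error`. The sibling hunks that used `$backend->error` keep that variable, so this one differs, and the surrounding function is outside the hunk, so it is not visible whether `$bnum` identifies the backend whose call just failed. If `$backend` is the object the failing call was made on, `$this->error = htmlspecialchars($backend->error);` would match the other hunks. If the switch is deliberate, for instance because `$backend` is not set on this path, a one-line comment saying so would help the next reader.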
if(!empty($res))
return $res;
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($backend->error);
return false;
}
}
if (is_array($res)) {
$ret = array_merge($ret, $res);
} else {
- $this->error = $backend->error;
+ $this->error = htmlspecialchars($backend->error);
return false;
}
}
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
if ($res) {
return $bnum;
} else {
- $this->error = $this->backends[$bnum]->error;
+ $this->error = htmlspecialchars($this->backends[$bnum]->error);
return false;
}
/**
* Search for entries in backend
+ *
+ * Working backend should support use of wildcards. * symbol
+ * should match one or more symbols. ? symbol should match any
+ * single symbol.
* @param string $expression
* @return bool
*/
/**
* List all entries in backend
+ *
+ * Working backend should provide this function or at least
+ * dummy function that returns empty array.
* @return bool
*/
function list_addr() {
*/
do_hook('abook_add_class');
-?>
\ No newline at end of file
+?>