*
* Manage personal address book.
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2017 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/** lets get the global vars we may need */
/* From the address form */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
sqgetGlobalVar('addaddr', $addaddr, SQ_POST);
sqgetGlobalVar('editaddr', $editaddr, SQ_POST);
sqgetGlobalVar('deladdr', $deladdr, SQ_POST);
/* Get sorting order */
$abook_sort_order = get_abook_sort();
-/* Create page header before addressbook_init in order to display error messages correctly. */
-displayPageHeader($color);
+// Create page header before addressbook_init in order to
+// display error messages correctly, unless we might be
+// redirecting the browser to the compose page.
+//
+if ((empty($compose_to)) || sizeof($sel) < 1)
+ displayPageHeader($color);
/* Open addressbook with error messages on.
remote backends (LDAP) are enabled because they can be used. (list_addr function)
/* Handle user's actions */
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
+ // first, validate security token
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
/**************************************************
* Add new address *
**************************************************/
if (!$r) {
/* Remove backend name from error string */
$errstr = $abook->error;
- $errstr = ereg_replace('^\[.*\] *', '', $errstr);
+ $errstr = preg_replace('/^\[.*\] */', '', $errstr);
$formerror = $errstr;
$showaddrlist = false;
if ($lookup_failed || empty($send_to)) {
$showaddrlist = true;
$defselected = $sel;
+
+ // we skipped the page header above for this functionality, so add it here
+ displayPageHeader($color);
}
$olddata = $abook->lookup($enick, $ebackend);
// Test if $olddata really contains anything and return an error message if it doesn't
if (!$olddata) {
- error_box(nl2br(htmlspecialchars($abook->error)));
+ error_box(nl2br(sm_encode_html_special_chars($abook->error)));
} else {
/* Display the "new address" form */
echo abook_create_form($form_url, 'editaddr',
/* Handle error messages */
if (!$r) {
/* Display error */
- plain_error_message( nl2br(htmlspecialchars($abook->error)));
+ plain_error_message( nl2br(sm_encode_html_special_chars($abook->error)));
/* Display the "new address" form again */
echo abook_create_form($form_url, 'editaddr',
/* Display error messages */
if (!empty($formerror)) {
- plain_error_message(nl2br(htmlspecialchars($formerror)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($formerror)));
}
$addresses[$backend->bnum] = $a;
} else {
// list_addr() returns boolean
- plain_error_message(nl2br(htmlspecialchars($abook->error)));
+ plain_error_message(nl2br(sm_encode_html_special_chars($abook->error)));
}
} else {
$addresses[$backend->bnum] = $a;
projects / squirrelmail.git / blobdiff