X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fabook_local_file.php;h=0c235e36bc8adc9be414977cccd717621b21d748;hp=cf91099862f1d7c9851b915ee1b0235c18ac20dc;hb=1794d99316ac199aa68361e08a38b27faa07d5c4;hpb=91e0dccca7b2452d8b450791cae3aa4125e8889e diff --git a/functions/abook_local_file.php b/functions/abook_local_file.php index cf910998..0c235e36 100644 --- a/functions/abook_local_file.php +++ b/functions/abook_local_file.php @@ -1,10 +1,10 @@ allow writing into address book. Used only when * detect_writeable is set to false. + * ? listing => enable/disable listing * * NOTE. This class should not be used directly. Use the * "AddressBook" class instead. @@ -70,11 +71,23 @@ class abook_local_file extends addressbook_backend { * @var bool */ var $writeable = false; + /** + * controls listing of address book + * @var bool + */ + var $listing = true; /** * Umask of the file * @var string */ var $umask; + /** + * Sets max entry size (number of bytes used for all address book fields + * (including escapes) + 4 delimiters + 1 linefeed) + * @var integer + * @since 1.5.2 + */ + var $line_length = 2048; /* ========================== Private ======================= */ @@ -84,7 +97,7 @@ class abook_local_file extends addressbook_backend { * @return bool */ function abook_local_file($param) { - $this->sname = _("Personal address book"); + $this->sname = _("Personal Address Book"); $this->umask = Umask(); if(is_array($param)) { @@ -113,6 +126,12 @@ class abook_local_file extends addressbook_backend { if(!empty($param['writeable'])) { $this->writeable = $param['writeable']; } + if(isset($param['listing'])) { + $this->listing = $param['listing']; + } + if(isset($param['line_length']) && ! empty($param['line_length'])) { + $this->line_length = (int) $param['line_length']; + } $this->open(true); } else { 
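Review bot: The `line_length` option read in the constructor hunk (`@@ -113,6 +126,12 @@`) is cast with `(int)` but never range-checked, so a non-numeric setting becomes 0 and a negative one stays negative, and either value is then handed to every `fgetcsv()` call in the class. A value smaller than records already in the file would probably split rows and trip the new "corrupted" check. Accept only positive values, e.g. `$len = (int) $param['line_length']; if ($len > 0) { $this->line_length = $len; }`; the `isset()` test is redundant next to `!empty()`. The constructor body starts and ends outside the hunk.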
@@ -132,7 +151,7 @@ class abook_local_file extends addressbook_backend { $this->error = ''; $file = $this->filename; $create = $this->create; - $fopenmode = ($this->writeable ? 'a+' : 'r'); + $fopenmode = (($this->writeable && sq_is_writable($file)) ? 'a+' : 'r'); /* Return true is file is open and $new is unset */ if($this->filehandle && !$new) { @@ -233,6 +252,7 @@ class abook_local_file extends addressbook_backend { return $this->set_error($this->filename . ':' . _("Unable to update")); } @unlink($this->filename . '.tmp'); + @chmod($this->filename, 0600); $this->unlock(); $this->open(true); return true; @@ -250,6 +270,10 @@ class abook_local_file extends addressbook_backend { /* To be replaced by advanded search expression parsing */ if(is_array($expr)) { return; } + // don't allow wide search when listing is disabled. + if ($expr=='*' && ! $this->listing) + return array(); + /* Make regexp from glob'ed expression * May want to quote other special characters like (, ), -, [, ], etc. */ $expr = str_replace('?', '.', $expr); 
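Review bot: The `@chmod($this->filename, 0600)` added in the rewrite path (`@@ -233,6 +252,7 @@`) runs only after the rewritten file is already in place, and its result is discarded. If the temporary file is created under the process umask (the write code is outside this hunk), the address book is readable with looser permissions until this line runs, and stays that way if `chmod` fails. Restrict the temporary file as soon as it is created, e.g. `@chmod($this->filename . '.tmp', 0600);`, and record a failure of the final `chmod` rather than suppressing it.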
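Review bot: The listing guard added to `search()` (`@@ -250,6 +270,10 @@`) compares only against the literal `*`, so with `listing` disabled any other expression that matches every row still returns the whole address book through the regexp path that follows. If the option is meant as an access control, apply the restriction to what the query can match (for example, refuse expressions made up only of wildcards) rather than to one spelling of it. The comparison should also be strict and braced: `if ($expr === '*' && !$this->listing) { return array(); }`. The rest of `search()` is outside the hunk.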
@@ -261,17 +285,32 @@ class abook_local_file extends addressbook_backend { } @rewind($this->filehandle); - while ($row = @fgetcsv($this->filehandle, 2048, '|')) { - $line = join(' ', $row); - if(eregi($expr, $line)) { - array_push($res, array('nickname' => $row[0], - 'name' => $row[1] . ' ' . $row[2], - 'firstname' => $row[1], - 'lastname' => $row[2], - 'email' => $row[3], - 'label' => $row[4], - 'backend' => $this->bnum, - 'source' => &$this->sname)); + while ($row = @fgetcsv($this->filehandle, $this->line_length, '|')) { + if (count($row)<5) { + /** + * address book is corrupted. + */ + global $oTemplate; + error_box(_("Address book is corrupted. Required fields are missing.")); + $oTemplate->display('footer.tpl'); + die(); + } else { + $line = join(' ', $row); + /** + * TODO: regexp search is supported only in local_file backend. + * Do we check format of regexp or ignore errors? + */ + // errors on preg_match call are suppressed in order to prevent display of regexp compilation errors + if(@preg_match('/' . $expr . '/i', $line)) { + array_push($res, array('nickname' => $row[0], + 'name' => $this->fullname($row[1], $row[2]), + 'firstname' => $row[1], + 'lastname' => $row[2], + 'email' => $row[3], + 'label' => $row[4], + 'backend' => $this->bnum, + 'source' => &$this->sname)); + } } } 
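Review bot: `$expr` reaches `preg_match('/' . $expr . '/i', $line)` with only the glob characters translated, so a search term containing `/` or an unbalanced bracket fails to compile and, because of the `@`, the user simply gets an empty result. Test for the failure instead of hiding it: `$m = @preg_match('/' . $expr . '/i', $line); if ($m === false) { return $this->set_error(_("Invalid search expression")); }`. Because the pattern is user-supplied, its matching cost is also user-controlled; if full regexp search is not a required feature, quote the regexp metacharacters other than the two glob wildcards before building the pattern. The glob conversion and the start of `search()` are outside this hunk.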
@@ -279,30 +318,53 @@ class abook_local_file extends addressbook_backend { } /** - * Lookup alias - * @param string $alias alias - * @return array search results + * Lookup an address by the indicated field. + * + * @param string $value The value to look up + * @param integer $field The field to look in, should be one + * of the SM_ABOOK_FIELD_* constants + * defined in include/constants.php + * (OPTIONAL; defaults to nickname field) + * NOTE: uniqueness is only guaranteed + * when the nickname field is used here; + * otherwise, the first matching address + * is returned. + * + * @return array Array with lookup results when the value + * was found, an empty array if the value was + * not found. + * */ - function lookup($alias) { - if(empty($alias)) { + function lookup($value, $field=SM_ABOOK_FIELD_NICKNAME) { + if(empty($value)) { return array(); } - $alias = strtolower($alias); + $value = strtolower($value); $this->open(); @rewind($this->filehandle); - while ($row = @fgetcsv($this->filehandle, 2048, '|')) { - if(strtolower($row[0]) == $alias) { - return array('nickname' => $row[0], - 'name' => $row[1] . ' ' . $row[2], - 'firstname' => $row[1], - 'lastname' => $row[2], - 'email' => $row[3], - 'label' => $row[4], - 'backend' => $this->bnum, - 'source' => &$this->sname); + while ($row = @fgetcsv($this->filehandle, $this->line_length, '|')) { + if (count($row)<5) { + /** + * address book is corrupted. + */ + global $oTemplate; + error_box(_("Address book is corrupted. Required fields are missing.")); + $oTemplate->display('footer.tpl'); + die(); + } else { + if(strtolower($row[$field]) == $value) { + return array('nickname' => $row[0], + 'name' => $this->fullname($row[1], $row[2]), + 'firstname' => $row[1], + 'lastname' => $row[2], + 'email' => $row[3], + 'label' => $row[4], + 'backend' => $this->bnum, + 'source' => &$this->sname); + } } } 
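Review bot: `lookup()` indexes `$row[$field]` without checking that `$field` names one of the five columns, and it compares with `==`, which treats two numeric-looking strings as numbers (nicknames such as `1e3` and `1000` would be considered the same entry). Assuming the SM_ABOOK_FIELD_* constants map to column indexes 0-4 (they are defined outside this page), validate the index up front with `if (!is_int($field) || $field < 0 || $field > 4) { return array(); }` and compare strictly with `if (strtolower($row[$field]) === $value) {`. The docblock should also say that an out-of-range field yields an empty result.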
@@ -315,18 +377,34 @@ class abook_local_file extends addressbook_backend { */ function list_addr() { $res = array(); + + if(isset($this->listing) && !$this->listing) { + return array(); + } + $this->open(); @rewind($this->filehandle); - while ($row = @fgetcsv($this->filehandle, 2048, '|')) { - array_push($res, array('nickname' => $row[0], - 'name' => $row[1] . ' ' . $row[2], - 'firstname' => $row[1], - 'lastname' => $row[2], - 'email' => $row[3], - 'label' => $row[4], - 'backend' => $this->bnum, - 'source' => &$this->sname)); + while ($row = @fgetcsv($this->filehandle, $this->line_length, '|')) { + if (count($row)<5) { + /** + * address book is corrupted. Don't be nice to people that + * violate address book formating. + */ + global $oTemplate; + error_box(_("Address book is corrupted. Required fields are missing.")); + $oTemplate->display('footer.tpl'); + die(); + } else { + array_push($res, array('nickname' => $row[0], + 'name' => $this->fullname($row[1], $row[2]), + 'firstname' => $row[1], + 'lastname' => $row[2], + 'email' => $row[3], + 'label' => $row[4], + 'backend' => $this->bnum, + 'source' => &$this->sname)); + } } return $res; } 
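Review bot: The `count($row)<5` branch that calls `error_box()`, renders the footer and `die()`s is pasted here in `list_addr()` and in the `search()` and `lookup()` hunks above, and it ends the whole request from inside a storage backend on the first short row. A blank line in the file is likely enough to trigger it, since `fgetcsv()` returns a one-element array for such a line. Move the check into one private helper and report through the existing error channel, e.g. `return $this->set_error(_("Address book is corrupted. Required fields are missing."));`, leaving page output to the caller. The read loops in the `remove()` and `modify()` hunks have no such check and still use `$row[0]` on whatever was read.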
@@ -338,31 +416,41 @@ class abook_local_file extends addressbook_backend { */ function add($userdata) { if(!$this->writeable) { - return $this->set_error(_("Addressbook is read-only")); + return $this->set_error(_("Address book is read-only")); } /* See if user exists already */ $ret = $this->lookup($userdata['nickname']); if(!empty($ret)) { - return $this->set_error(sprintf(_("User '%s' already exist"), - $ret['nickname'])); + // i18n: don't use html formating in translation + return $this->set_error(sprintf(_("User \"%s\" already exists"),$ret['nickname'])); } /* Here is the data to write */ $data = $this->quotevalue($userdata['nickname']) . '|' . $this->quotevalue($userdata['firstname']) . '|' . - $this->quotevalue($userdata['lastname']) . '|' . + $this->quotevalue((!empty($userdata['lastname'])?$userdata['lastname']:'')) . '|' . $this->quotevalue($userdata['email']) . '|' . - $this->quotevalue($userdata['label']); + $this->quotevalue((!empty($userdata['label'])?$userdata['label']:'')); /* Strip linefeeds */ - $data = ereg_replace("[\r\n]", ' ', $data); + $nl_str = array("\r","\n"); + $data = str_replace($nl_str, ' ', $data); + + /** + * Make sure that entry fits into allocated record space. + * One byte is reserved for linefeed + */ + if (strlen($data) >= $this->line_length) { + return $this->set_error(_("Address book entry is too big")); + } + /* Add linefeed at end */ $data = $data . "\n"; /* Reopen file, just to be sure */ $this->open(true); if(!$this->writeable) { - return $this->set_error(_("Addressbook is read-only")); + return $this->set_error(_("Address book is read-only")); } /* Lock the file */ @@ -379,7 +467,7 @@ class abook_local_file extends addressbook_backend { /* Test write result */ if($r === FALSE) { /* Fail */ - $this->set_error(_("Write to addressbook failed")); + $this->set_error(_("Write to address book failed")); return FALSE; } 
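Review bot: `!empty($userdata['lastname'])` and `!empty($userdata['label'])` in `add()` also discard the legitimate value `'0'`, because `empty()` is true for it; the same expressions are used in the `modify()` hunk. Guard only against the missing key: `$this->quotevalue(isset($userdata['lastname']) ? $userdata['lastname'] : '')`, and likewise for `label`. The `nickname`, `firstname` and `email` keys are still read without any guard, so a caller that omits them gets a notice and an empty field rather than an error.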
@@ -393,7 +481,7 @@ class abook_local_file extends addressbook_backend { */ function remove($alias) { if(!$this->writeable) { - return $this->set_error(_("Addressbook is read-only")); + return $this->set_error(_("Address book is read-only")); } /* Lock the file to make sure we're the only process working @@ -406,7 +494,7 @@ class abook_local_file extends addressbook_backend { @rewind($this->filehandle); $i = 0; $rows = array(); - while($row = @fgetcsv($this->filehandle, 2048, '|')) { + while($row = @fgetcsv($this->filehandle, $this->line_length, '|')) { if(!in_array($row[0], $alias)) { $rows[$i++] = $row; } 
@@ -430,37 +518,56 @@ class abook_local_file extends addressbook_backend { */ function modify($alias, $userdata) { if(!$this->writeable) { - return $this->set_error(_("Addressbook is read-only")); + return $this->set_error(_("Address book is read-only")); } /* See if user exists */ $ret = $this->lookup($alias); if(empty($ret)) { - return $this->set_error(sprintf(_("User '%s' does not exist"), - $alias)); + // i18n: don't use html formating in translation + return $this->set_error(sprintf(_("User \"%s\" does not exist"),$alias)); } - + + /* If the alias changed, see if the new alias exists */ + if (strtolower($alias) != strtolower($userdata['nickname'])) { + $ret = $this->lookup($userdata['nickname']); + if (!empty($ret)) { + return $this->set_error(sprintf(_("User \"%s\" already exists"), $userdata['nickname'])); + } + } + /* Lock the file to make sure we're the only process working * on it. */ if(!$this->lock()) { return $this->set_error(_("Could not lock datafile")); } + /* calculate userdata size */ + $data = $this->quotevalue($userdata['nickname']) . '|' + . $this->quotevalue($userdata['firstname']) . '|' + . $this->quotevalue((!empty($userdata['lastname'])?$userdata['lastname']:'')) . '|' + . $this->quotevalue($userdata['email']) . '|' + . 
$this->quotevalue((!empty($userdata['label'])?$userdata['label']:'')); + /* make sure that it fits into allocated space */ + if (strlen($data) >= $this->line_length) { + return $this->set_error(_("Address book entry is too big")); + } + /* Read file into memory, modifying the data for the * user identified by $alias */ $this->open(true); @rewind($this->filehandle); $i = 0; $rows = array(); - while($row = @fgetcsv($this->filehandle, 2048, '|')) { + while($row = @fgetcsv($this->filehandle, $this->line_length, '|')) { if(strtolower($row[0]) != strtolower($alias)) { $rows[$i++] = $row; } else { $rows[$i++] = array(0 => $userdata['nickname'], 1 => $userdata['firstname'], - 2 => $userdata['lastname'], + 2 => (!empty($userdata['lastname'])?$userdata['lastname']:''), 3 => $userdata['email'], - 4 => $userdata['label']); + 4 => (!empty($userdata['label'])?$userdata['label']:'')); } } @@ -482,11 +589,9 @@ class abook_local_file extends addressbook_backend { function quotevalue($value) { /* Quote the field if it contains | or ". Double quotes need to * be replaced with "" */ - if(ereg("[|\"]", $value)) { + if(stristr('"', $value) || stristr('|', $value)) { $value = '"' . str_replace('"', '""', $value) . '"'; } return $value; } - -} /* End of class abook_local_file */ -?> \ No newline at end of file +}
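Review bot: The new size check in `modify()` returns after `$this->lock()` has already succeeded, so an oversized entry leaves the data file locked for the rest of the request. Either build and measure `$data` before taking the lock, or release it on the way out: `if (strlen($data) >= $this->line_length) { $this->unlock(); return $this->set_error(_("Address book entry is too big")); }`. Unlike `add()`, this path measures the entry without first replacing `\r` and `\n`, so the length tested may not be the length written; the write-back code is outside the hunk.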
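Review bot: The arguments to `stristr()` in `quotevalue()` are reversed: the function takes the haystack first, so `stristr('"', $value)` asks whether `$value` occurs inside the one-character string `"`, and a field that merely contains `|` or `"` is no longer quoted. An unquoted `|` in a name or e-mail field shifts every following column of that record when the file is read back, which lets field content alter the record structure. Put the value first or use `strpos`: `if (strpos($value, '"') !== false || strpos($value, '|') !== false) {`.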