X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=functions%2Fabook_local_file.php;h=5ea4b3014f62bf871caeb21cb7cc73b139181743;hp=e9986c6e403082a9fc325958e8e710fc04c2f70f;hb=92b1e8978f9eec3426a1662cd906820f32ac938b;hpb=6c99d1de81366bceab6c9d6cf12179eedc81f9bc diff --git a/functions/abook_local_file.php b/functions/abook_local_file.php index e9986c6e..5ea4b301 100644 --- a/functions/abook_local_file.php +++ b/functions/abook_local_file.php @@ -3,7 +3,7 @@ /** * abook_local_file.php * - * @copyright © 1999-2006 The SquirrelMail Project Team + * @copyright 1999-2016 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -97,7 +97,7 @@ class abook_local_file extends addressbook_backend { * @return bool */ function abook_local_file($param) { - $this->sname = _("Personal address book"); + $this->sname = _("Personal Address Book"); $this->umask = Umask(); if(is_array($param)) { @@ -151,7 +151,7 @@ class abook_local_file extends addressbook_backend { $this->error = ''; $file = $this->filename; $create = $this->create; - $fopenmode = (($this->writeable && is_writable($file)) ? 'a+' : 'r'); + $fopenmode = (($this->writeable && sq_is_writable($file)) ? 'a+' : 'r'); /* Return true is file is open and $new is unset */ if($this->filehandle && !$new) { @@ -252,6 +252,7 @@ class abook_local_file extends addressbook_backend { return $this->set_error($this->filename . ':' . _("Unable to update")); } @unlink($this->filename . '.tmp'); + @chmod($this->filename, 0600); $this->unlock(); $this->open(true); return true; @@ -273,10 +274,9 @@ class abook_local_file extends addressbook_backend { if ($expr=='*' && ! $this->listing) return array(); - /* Make regexp from glob'ed expression - * May want to quote other special characters like (, ), -, [, ], etc. */ - $expr = str_replace('?', '.', $expr); - $expr = str_replace('*', '.*', $expr); + // Make regexp from glob'ed expression + $expr = preg_quote($expr); + $expr = str_replace(array('\\?', '\\*'), array('.', '.*'), $expr); $res = array(); if(!$this->open()) { @@ -294,13 +294,15 @@ class abook_local_file extends addressbook_backend { $oTemplate->display('footer.tpl'); die(); } else { - $line = join(' ', $row); /** * TODO: regexp search is supported only in local_file backend. * Do we check format of regexp or ignore errors? */ - // errors on eregi call are suppressed in order to prevent display of regexp compilation errors - if(@eregi($expr, $line)) { + // errors on preg_match call are suppressed in order to prevent display of regexp compilation errors + if (@preg_match('/' . $expr . '/i', $row[0]) // nickname + || @preg_match('/' . $expr . '/i', $row[1]) // firstname + || @preg_match('/' . $expr . '/i', $row[2]) // lastname + || @preg_match('/' . $expr . '/i', $row[3])) { // email array_push($res, array('nickname' => $row[0], 'name' => $this->fullname($row[1], $row[2]), 'firstname' => $row[1], @@ -317,16 +319,29 @@ class abook_local_file extends addressbook_backend { } /** - * Lookup alias - * @param string $alias alias - * @return array search results + * Lookup an address by the indicated field. + * + * @param string $value The value to look up + * @param integer $field The field to look in, should be one + * of the SM_ABOOK_FIELD_* constants + * defined in include/constants.php + * (OPTIONAL; defaults to nickname field) + * NOTE: uniqueness is only guaranteed + * when the nickname field is used here; + * otherwise, the first matching address + * is returned. + * + * @return array Array with lookup results when the value + * was found, an empty array if the value was + * not found. + * */ - function lookup($alias) { - if(empty($alias)) { + function lookup($value, $field=SM_ABOOK_FIELD_NICKNAME) { + if(empty($value)) { return array(); } - $alias = strtolower($alias); + $value = strtolower($value); $this->open(); @rewind($this->filehandle); @@ -341,7 +356,7 @@ class abook_local_file extends addressbook_backend { $oTemplate->display('footer.tpl'); die(); } else { - if(strtolower($row[0]) == $alias) { + if(strtolower($row[$field]) == $value) { return array('nickname' => $row[0], 'name' => $this->fullname($row[1], $row[2]), 'firstname' => $row[1], @@ -419,7 +434,8 @@ class abook_local_file extends addressbook_backend { $this->quotevalue((!empty($userdata['label'])?$userdata['label']:'')); /* Strip linefeeds */ - $data = ereg_replace("[\r\n]", ' ', $data); + $nl_str = array("\r","\n"); + $data = str_replace($nl_str, ' ', $data); /** * Make sure that entry fits into allocated record space. @@ -512,7 +528,15 @@ class abook_local_file extends addressbook_backend { // i18n: don't use html formating in translation return $this->set_error(sprintf(_("User \"%s\" does not exist"),$alias)); } - + + /* If the alias changed, see if the new alias exists */ + if (strtolower($alias) != strtolower($userdata['nickname'])) { + $ret = $this->lookup($userdata['nickname']); + if (!empty($ret)) { + return $this->set_error(sprintf(_("User \"%s\" already exists"), $userdata['nickname'])); + } + } + /* Lock the file to make sure we're the only process working * on it. */ if(!$this->lock()) { @@ -566,10 +590,9 @@ class abook_local_file extends addressbook_backend { function quotevalue($value) { /* Quote the field if it contains | or ". Double quotes need to * be replaced with "" */ - if(ereg("[|\"]", $value)) { + if(stristr($value, '"') || stristr($value, '|')) { $value = '"' . str_replace('"', '""', $value) . '"'; } return $value; } - -} /* End of class abook_local_file */ +}