Fixed bug #126497 + problem with error handling in src/addressbook.php.
authorpallo <pallo@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 3 Jan 2001 14:12:43 +0000 (14:12 +0000)
committerpallo <pallo@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Wed, 3 Jan 2001 14:12:43 +0000 (14:12 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@908 7612ce4b-ef26-0410-bec9-ea0150e637f0

functions/addressbook.php
src/addressbook.php

index 595507c..8e20224 100644 (file)
            $this->error = _("E-mail address is missing");
            return false;
         }
+
+        if(eregi("[\: \|\#\"\!]", $userdata["nickname"])) {
+           $this->error = _("Nickname contain illegal characters");
+           return false;
+        }
+
         if(empty($userdata["nickname"])) {
            $userdata["nickname"] = $userdata["email"];
         }
 
         // Check that specified backend is writable
         if(!$this->backends[$bnum]->writeable) {
-           $this->error = sprintf(_("Addressbook %s is read-only", $bnum));
+           $this->error = _("Addressbook is read-only");;
            return false;
         }
 
index 5e80b33..c1d584b 100644 (file)
               printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
                      htmlspecialchars($olddata["backend"]));
               print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
-              print "</FORM>";        
+              print "</FORM>";
            }
         }
 
               print "</TABLE>\n";
               address_form("editaddr", _("Update address"), $newdata);
               printf("<INPUT TYPE=hidden NAME=oldnick VALUE=\"%s\">\n",
-                     htmlspecialchars($newdata["nickname"]));
+                     htmlspecialchars($oldnick));
               printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
-                     htmlspecialchars($newdata["backend"]));
+                     htmlspecialchars($backend));
               print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
               print "</FORM>";