From: tokul Date: Sat, 15 Jul 2006 12:35:16 +0000 (+0000) Subject: adding safety checks. if invalid backend number was used, script used invalid X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=commitdiff_plain;h=01066e58f6a24fa5769ef1b16bdfc4d153390c0f adding safety checks. if invalid backend number was used, script used invalid object calls git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@11397 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- diff --git a/ChangeLog b/ChangeLog index 4fb9d36e..3cfd2f1b 100644 --- a/ChangeLog +++ b/ChangeLog @@ -99,6 +99,7 @@ Version 1.5.2 - CVS - Fixed spamcop web based reporting form (#1519673) and removed service type options from spamcop plugin. - Removed trailing ?> from function scripts. + - Added checks for non-existent backend to AddressBook class. Version 1.5.1 (branched on 2006-02-12) -------------------------------------- diff --git a/functions/addressbook.php b/functions/addressbook.php index 8c764877..59256d7d 100644 --- a/functions/addressbook.php +++ b/functions/addressbook.php @@ -598,7 +598,11 @@ class AddressBook { $ret = FALSE; } - } else { + } elseif (! isset($this->backends[$bnum])) { + /* make sure that backend exists */ + $this->error = _("Unknown address book backend"); + $ret = false; + } else { /* Search only one backend */ @@ -641,6 +645,10 @@ class AddressBook { $ret = array(); if ($bnum > -1) { + if (!isset($this->backends[$bnum])) { + $this->error = _("Unknown address book backend"); + return false; + } $res = $this->backends[$bnum]->lookup($alias); if (is_array($res)) { return $res; @@ -678,6 +686,10 @@ class AddressBook { if ($bnum == -1) { $sel = $this->get_backend_list(''); + } elseif (! isset($this->backends[$bnum])) { + /* make sure that backend exists */ + $this->error = _("Unknown address book backend"); + $ret = false; } else { $sel = array(0 => &$this->backends[$bnum]); } 
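Review bot: In the `@@ -678,6 +686,10 @@` hunk the new `elseif` branch sets `$ret = false` but neither assigns `$sel` nor returns, so whatever follows the `if`/`else` chain runs with `$sel` undefined when the backend is unknown. The rest of the method is outside the hunk, so I cannot see how `$sel` is consumed. The lookup guard in the `@@ -641,6 +645,10 @@` hunk and the three write-path guards return immediately, and this one should do the same: replace `$ret = false;` with `return false;`. If the fall-through is intentional, add `$sel = array();` in that branch so the later code iterates over nothing instead of relying on an unset variable.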
@@ -729,6 +741,12 @@ class AddressBook { return false; } + /* make sure that backend exists */ + if (! isset($this->backends[$bnum])) { + $this->error = _("Unknown address book backend"); + return false; + } + /* Check that specified backend accept new entries */ if (!$this->backends[$bnum]->writeable) { $this->error = _("Address book is read-only"); @@ -766,6 +784,12 @@ class AddressBook { $alias = array(0 => $alias); } + /* make sure that backend exists */ + if (! isset($this->backends[$bnum])) { + $this->error = _("Unknown address book backend"); + return false; + } + /* Check that specified backend is writable */ if (!$this->backends[$bnum]->writeable) { $this->error = _("Address book is read-only"); @@ -821,6 +845,12 @@ class AddressBook { $userdata['nickname'] = $userdata['email']; } + /* make sure that backend exists */ + if (! isset($this->backends[$bnum])) { + $this->error = _("Unknown address book backend"); + return false; + } + /* Check that specified backend is writable */ if (!$this->backends[$bnum]->writeable) { $this->error = _("Address book is read-only");;
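Review bot: The backend-existence guard added in the `@@ -729,6 +741,12 @@` hunk is repeated verbatim in the `@@ -766,6 +784,12 @@` and `@@ -821,6 +845,12 @@` hunks, and in slightly different shapes in the three earlier hunks of this file. Because `$bnum` selects which backend object receives the call, a single helper would keep the check and its error message in one place. It would also make it harder for a later method that indexes `$this->backends[$bnum]` to omit the check. The helper name below is only a suggestion, and the enclosing methods start and end outside the hunks, so confirm it does not clash with an existing member of `AddressBook`.

```php
/* … unchanged: earlier argument checks in the method … */
if (! $this->check_backend($bnum)) {
    return false;
}
/* … unchanged: writeable check … */

/* new AddressBook method: sets $this->error and returns false when $bnum is not a registered backend */
function check_backend($bnum) {
    if (isset($this->backends[$bnum])) {
        return true;
    }
    $this->error = _("Unknown address book backend");
    return false;
}
```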