From 107bde9cfd9a0392d18544b5a433552ce6f2f0a6 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 30 Aug 2006 13:41:21 -0400
Subject: [PATCH] Added MSSQL support
---
 program/steps/addressbook/save.inc | 32 +++++++++++++++++---------------
 1 files changed, 17 insertions(+), 15 deletions(-)
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 24e375e..abea316 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -23,7 +23,7 @@
 if ((empty($_POST['_name']) || empty($_POST['_email'])) && empty($_GET['_framed']))
 {
 show_message('formincomplete', 'warning');
- rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
+ rcmail_overwrite_action(empty($_POST['_cid']) ? 'add' : 'show');
 return;
 }
@@ -32,7 +32,7 @@
 $contacts_table = get_table_name('contacts');
 // update an existing contact
-if ($_POST['_cid'])
+if (!empty($_POST['_cid']))
 {
 $a_write_sql = array();
@@ -42,13 +42,15 @@
 if (!isset($_POST[$fname]))
 continue;
- $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
+ $a_write_sql[] = sprintf("%s=%s",
+ $DB->quoteIdentifier($col),
+ $DB->quote(get_input_value($fname, RCUBE_INPUT_POST)));
 }
 if (sizeof($a_write_sql))
 {
 $DB->query("UPDATE $contacts_table
- SET changed=now(), ".join(', ', $a_write_sql)."
+ SET changed=".$DB->now().", ".join(', ', $a_write_sql)."
 WHERE contact_id=?
 AND user_id=?
 AND del<>1",
@@ -63,7 +65,7 @@
 $_action = 'show';
 show_message('successfullysaved', 'confirmation');
- if ($_POST['_framed'])
+ if ($_framed)
 {
 // define list of cols to be displayed
 $a_show_cols = array('name', 'email');
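Review bot: `$_framed` replaces `$_POST['_framed']` in the `if` at the end of hunk @@ -63, but nothing in the hunk defines it, while the completeness guard in hunk @@ -23 still tests `$_GET['_framed']`; presumably `$_framed` is assigned near the top of save.inc outside these hunks. If it is derived from a different request source or normalised differently than that guard, a request can pass the guard yet take the other branch here. Suggest a one-line comment at the assignment site, e.g. `// $_framed is the single source of truth for framed mode; later checks must use it, not $_POST/$_GET directly`, and the same applies to hunk @@ -185. The enclosing block continues outside the hunk.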
@@ -113,20 +115,20 @@
 if (isset($_GET['_emails']) && isset($_GET['_names']))
 {
 $sql .= "AND email IN (";
- $emails = explode(',', $_GET['_emails']);
- $names = explode(',', $_GET['_names']);
+ $emails = explode(',', get_input_value('_emails', RCUBE_INPUT_GET));
+ $names = explode(',', get_input_value('_names', RCUBE_INPUT_GET));
 $count = count($emails);
 $n = 0;
 foreach ($emails as $email)
 {
 $end = (++$n == $count) ? '' : ',';
- $sql .= $DB->quote(strip_tags($email)) . $end;
+ $sql .= $DB->quote($email) . $end;
 }
 $sql .= ")";
 $ldap_form = true;
 }
 else if (isset($_POST['_email']))
- $sql .= "AND email = " . $DB->quote(strip_tags($_POST['_email']));
+ $sql .= "AND email = " . $DB->quote(get_input_value('_email', RCUBE_INPUT_POST));
 $sql_result = $DB->query($sql);
@@ -150,8 +152,8 @@
 {
 $DB->query("INSERT INTO $contacts_table (user_id, name, email)
- VALUES ({$_SESSION['user_id']}," . $DB->quote(strip_tags($names[$n++])) . "," .
- $DB->quote(strip_tags($email)) . ")");
+ VALUES ({$_SESSION['user_id']}," . $DB->quote($names[$n++]) . "," .
+ $DB->quote($email) . ")");
 $insert_id[] = $DB->insert_id();
 }
 }
@@ -164,14 +166,14 @@
 continue;
 $a_insert_cols[] = $col;
- $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
+ $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST));
 }
 if (sizeof($a_insert_cols))
 {
 $DB->query("INSERT INTO $contacts_table
- (user_id, changed, del, ".join(', ', $a_insert_cols).")
- VALUES (?, now(), 0, ".join(', ', $a_insert_values).")",
+ (user_id, changed, del, ".join(', ', $a_insert_cols).")
+ VALUES (?, ".$DB->now().", 0, ".join(', ', $a_insert_values).")",
 $_SESSION['user_id']);
 $insert_id = $DB->insert_id(get_sequence_name('contacts'));
@@ -185,7 +187,7 @@
 $_action = 'show';
 $_GET['_cid'] = $insert_id;
- if ($_POST['_framed'])
+ if ($_framed)
 {
 // add contact row or jump to the page where it should appear
 $commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
-- 
Gitblit v1.9.1
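Review bot: The two new `explode()` lines in hunk @@ -113 produce `$emails` and `$names` from separate request parameters, and nothing checks that they have the same number of entries; hunk @@ -150 later indexes `$names[$n++]` in lockstep with `$emails`, so a `_names` list shorter than `_emails` reaches an undefined index there (a null name written as an empty value, with a notice) instead of a rejected request. Suggest validating once right after the second `explode()`, mirroring the guard in hunk @@ -23: `if (count($names) != count($emails)) { show_message('formincomplete', 'warning'); return; }`. The individual values are passed through `$DB->quote()`, so the `IN (...)` list itself is built from escaped values; this is about the pairing, not the escaping.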
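Review bot: The rewritten INSERT in hunk @@ -150 still interpolates `{$_SESSION['user_id']}` directly into the SQL string, whereas the UPDATE in hunk @@ -42 and the INSERT in hunk @@ -164 bind the same value through a `?` placeholder. The value comes from the session rather than the request, so this is a consistency and hardening point rather than an injection today, but one statement that bypasses binding is the one that gets copied. Suggest `VALUES (?," . $DB->quote($names[$n++]) . "," .` followed by `$DB->quote($email) . ")", $_SESSION['user_id']);` so every value in this statement goes through the driver. The enclosing loop starts outside the hunk.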
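Review bot: The column list of the rewritten INSERT in hunk @@ -164 is joined from raw `$col` names (context line `$a_insert_cols[] = $col;`), whereas the UPDATE in hunk @@ -42 wraps each column in `$DB->quoteIdentifier($col)`; since this commit exists to run the same statements on MSSQL, a column whose name collides with a reserved word would break here but not in the UPDATE. Suggest `$a_insert_cols[] = $DB->quoteIdentifier($col);` so both statements quote identifiers the same way. Where `$col` comes from is outside the hunk (presumably a fixed field-to-column map), so this is about portability and consistency, not about user-controlled identifiers.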