From c9dcb83132da6df4e601f5991727b010a08766d6 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 23 Jul 2012 04:40:48 -0400
Subject: [PATCH] Fixed PHP warning, added check for allowed characters in variable name

---
 plugins/managesieve/managesieve.php |   17 +++++++++++------
 1 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/plugins/managesieve/managesieve.php b/plugins/managesieve/managesieve.php
index b3be9c7..70b280d 100644
--- a/plugins/managesieve/managesieve.php
+++ b/plugins/managesieve/managesieve.php
@@ -854,17 +854,22 @@
                     break;
 
                 case 'set':
+                    $this->form['actions'][$i]['name'] = $varnames[$idx];
+                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
+                    foreach ((array)$varmods[$idx] as $v_m) {
+                        $this->form['actions'][$i][$v_m] = true;
+                    }
+
                     if (empty($varnames[$idx])) {
                         $this->errors['actions'][$i]['name'] = $this->gettext('cannotbeempty');
                     }
-                    if (empty($varvalues[$idx])) {
+                    else if (!preg_match('/^[0-9a-z_]+$/i', $varnames[$idx])) {
+                        $this->errors['actions'][$i]['name'] = $this->gettext('forbiddenchars');
+                    }
+
+                    if (!isset($varvalues[$idx]) || $varvalues[$idx] === '') {
                         $this->errors['actions'][$i]['value'] = $this->gettext('cannotbeempty');
                     }
-                    foreach ($varmods[$idx] as $v_m) {
-                        $this->form['actions'][$i][$v_m] = true;
-                    }
-                    $this->form['actions'][$i]['name'] = $varnames[$idx];
-                    $this->form['actions'][$i]['value'] = $varvalues[$idx];
                     break;
                 }
 

--
Gitblit v1.9.1