From fbf77b4493f1b77c99751d8a86365c712ae3fb1b Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 18 Nov 2005 10:35:15 -0500
Subject: [PATCH] Added Japanese localization
---
program/steps/addressbook/save.inc | 84 +++++++++++++++++++++++++----------------
1 files changed, 51 insertions(+), 33 deletions(-)
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index c0afd23..2f54e43 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -6,7 +6,7 @@
| |
| This file is part of the RoundCube Webmail client |
| Copyright (C) 2005, RoundCube Dev. - Switzerland |
- | All rights reserved. |
+ | Licensed under the GNU GPL |
| |
| PURPOSE: |
| Save a contact entry or to add a new one |
@@ -23,6 +23,15 @@
$a_save_cols = array('name', 'firstname', 'surname', 'email');
+// check input
+if (empty($_POST['_name']) || empty($_POST['_email']))
+ {
+ show_message('formincomplete', 'warning');
+ rcmail_overwrite_action($_POST['_cid'] ? 'show' : 'add');
+ return;
+ }
+
+
// update an existing contact
if ($_POST['_cid'])
{
@@ -34,20 +43,18 @@
if (!isset($_POST[$fname]))
continue;
- $a_write_sql[] = sprintf("%s='%s'", $col, addslashes($_POST[$fname]));
+ $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
}
if (sizeof($a_write_sql))
{
- $DB->query(sprintf("UPDATE %s
- SET %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
- join(', ', $a_write_sql),
- $_POST['_cid'],
- $_SESSION['user_id']));
+ $DB->query("UPDATE ".get_table_name('contacts')."
+ SET changed=now(), ".join(', ', $a_write_sql)."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
+ $_POST['_cid'],
+ $_SESSION['user_id']);
$updated = $DB->affected_rows();
}
@@ -63,13 +70,12 @@
$a_show_cols = array('name', 'email');
$a_js_cols = array();
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d
- AND del!='1'",
- get_table_name('contacts'),
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?
+ AND del<>'1'",
$_POST['_cid'],
- $_SESSION['user_id']));
+ $_SESSION['user_id']);
$sql_arr = $DB->fetch_assoc($sql_result);
foreach ($a_show_cols as $col)
@@ -90,7 +96,7 @@
{
// show error message
show_message('errorsaving', 'error');
- $_action = 'show';
+ rcmail_overwrite_action('show');
}
}
@@ -98,6 +104,22 @@
else
{
$a_insert_cols = $a_insert_values = array();
+
+ // check for existing contacts
+ $sql_result = $DB->query("SELECT 1 FROM ".get_table_name('contacts')."
+ WHERE user_id=?
+ AND email=?
+ AND del<>'1'",
+ $_SESSION['user_id'],
+ $_POST['_email']);
+
+ // show warning message
+ if ($DB->num_rows($sql_result))
+ {
+ show_message('contactexists', 'warning');
+ $_action = 'add';
+ return;
+ }
foreach ($a_save_cols as $col)
{
@@ -106,18 +128,15 @@
continue;
$a_insert_cols[] = $col;
- $a_insert_values[] = sprintf("'%s'", addslashes($_POST[$fname]));
+ $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
}
if (sizeof($a_insert_cols))
{
- $DB->query(sprintf("INSERT INTO %s
- (user_id, %s)
- VALUES (%d, %s)",
- get_table_name('contacts'),
- join(', ', $a_insert_cols),
- $_SESSION['user_id'],
- join(', ', $a_insert_values)));
+ $DB->query("INSERT INTO ".get_table_name('contacts')."
+ (user_id, changed, ".join(', ', $a_insert_cols).")
+ VALUES (?, now(), ".join(', ', $a_insert_values).")",
+ $_SESSION['user_id']);
$insert_id = $DB->insert_id();
}
@@ -131,12 +150,11 @@
{
// add contact row or jump to the page where it should appear
$commands = sprintf("if(parent.%s)parent.", $JS_OBJECT_NAME);
- $sql_result = $DB->query(sprintf("SELECT * FROM %s
- WHERE contact_id=%d
- AND user_id=%d",
- get_table_name('contacts'),
- $insert_id,
- $_SESSION['user_id']));
+ $sql_result = $DB->query("SELECT * FROM ".get_table_name('contacts')."
+ WHERE contact_id=?
+ AND user_id=?",
+ $insert_id,
+ $_SESSION['user_id']);
$commands .= rcmail_js_contacts_list($sql_result, $JS_OBJECT_NAME);
$commands .= sprintf("if(parent.%s)parent.%s.select('%d');\n",
@@ -160,7 +178,7 @@
{
// show error message
show_message('errorsaving', 'error');
- $_action = 'add';
+ rcmail_overwrite_action('add');
}
}
--
Gitblit v1.9.1