'[SM-CVS] SF.net SVN: squirrelmail:[14242] trunk/squirrelmail'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       squirrelmail-cvs
Subject:    [SM-CVS] SF.net SVN: squirrelmail:[14242] trunk/squirrelmail
From:       pdontthink () users ! sourceforge ! net
Date:       2011-12-28 2:59:31
Message-ID: E1Rfjjn-0002Le-PU () sfp-svn-2 ! v30 ! ch3 ! sourceforge ! com
[Download RAW message or body]

Revision: 14242
          http://squirrelmail.svn.sourceforge.net/squirrelmail/?rev=14242&view=rev
Author:   pdontthink
Date:     2011-12-28 02:59:31 +0000 (Wed, 28 Dec 2011)
Log Message:
-----------
Unify address book searches.  See ChangeLog comments.  Also, fixed bug wherein file \
backend wasn't escaping regular expression correctly.  File based backend used to \
search all fields at once, concatenated by spaces, which 'worked', but is misleading \
and nothing like the other backends.

Modified Paths:
--------------
    trunk/squirrelmail/doc/ChangeLog
    trunk/squirrelmail/functions/abook_database.php
    trunk/squirrelmail/functions/abook_local_file.php

Modified: trunk/squirrelmail/doc/ChangeLog
===================================================================
--- trunk/squirrelmail/doc/ChangeLog	2011-12-28 02:58:29 UTC (rev 14241)
+++ trunk/squirrelmail/doc/ChangeLog	2011-12-28 02:59:31 UTC (rev 14242)
@@ -369,6 +369,9 @@
   - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
   - Always ensure that the Reply-To header is a full email address in
     outgoing messages
+  - Unified address book searches somewhat: file-backed address books now
+    search in each field individually; database-backed address books now
+    search in fields other than first/last name (nickname, email)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

Modified: trunk/squirrelmail/functions/abook_database.php
===================================================================
--- trunk/squirrelmail/functions/abook_database.php	2011-12-28 02:58:29 UTC (rev \
                14241)
+++ trunk/squirrelmail/functions/abook_database.php	2011-12-28 02:59:31 UTC (rev \
14242) @@ -264,8 +264,12 @@
         $escape = 'ESCAPE \'' . $this->dbh->quoteString('\\') . '\'';
     
         $query = sprintf("SELECT * FROM %s WHERE owner='%s' AND " .
-                         "(LOWER(firstname) LIKE '%s' %s OR LOWER(lastname) LIKE \
                '%s' %s)",
-                         $this->table, $this->owner, $expr, $escape, $expr, \
$escape); +                         "(LOWER(firstname) LIKE '%s' %s " .
+                         "OR LOWER(lastname) LIKE '%s' %s " .
+                         "OR LOWER(email) LIKE '%s' %s " .
+                         "OR LOWER(nickname) LIKE '%s' %s)",
+                         $this->table, $this->owner, $expr, $escape, $expr, $escape,
+                                                     $expr, $escape, $expr, \
$escape);  
         $res = $this->dbh->query($query);
 

Modified: trunk/squirrelmail/functions/abook_local_file.php
===================================================================
--- trunk/squirrelmail/functions/abook_local_file.php	2011-12-28 02:58:29 UTC (rev \
                14241)
+++ trunk/squirrelmail/functions/abook_local_file.php	2011-12-28 02:59:31 UTC (rev \
14242) @@ -274,10 +274,9 @@
         if ($expr=='*' && ! $this->listing)
             return array();
 
-        /* Make regexp from glob'ed expression
-         * May want to quote other special characters like (, ), -, [, ], etc. */
-        $expr = str_replace('?', '.', $expr);
-        $expr = str_replace('*', '.*', $expr);
+        // Make regexp from glob'ed expression
+        $expr = preg_quote($expr);
+        $expr = str_replace(array('\\?', '\\*'), array('.', '.*'), $expr);
 
         $res = array();
         if(!$this->open()) {
@@ -295,13 +294,15 @@
                 $oTemplate->display('footer.tpl');
                 die();
             } else {
-                $line = join(' ', $row);
                 /**
                  * TODO: regexp search is supported only in local_file backend.
                  * Do we check format of regexp or ignore errors?
                  */
                 // errors on preg_match call are suppressed in order to prevent \
                display of regexp compilation errors
-                if(@preg_match('/' . $expr . '/i', $line)) {
+                if (@preg_match('/' . $expr . '/i', $row[0])    // nickname
+                 || @preg_match('/' . $expr . '/i', $row[1])    // firstname
+                 || @preg_match('/' . $expr . '/i', $row[2])    // lastname
+                 || @preg_match('/' . $expr . '/i', $row[3])) { // email
                     array_push($res, array('nickname'  => $row[0],
                         'name'      => $this->fullname($row[1], $row[2]),
                         'firstname' => $row[1],

This was sent by the SourceForge.net collaborative development platform, the world's \
largest Open Source development site.


------------------------------------------------------------------------------
Write once. Port to many.
Get the SDK and tools to simplify cross-platform app development. Create 
new or port existing apps to sell to consumers worldwide. Explore the 
Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join
http://p.sf.net/sfu/intel-appdev
-----
squirrelmail-cvs mailing list
List address: squirrelmail-cvs@lists.sourceforge.net
List info (subscribe/unsubscribe/change options): \
                https://lists.sourceforge.net/lists/listinfo/squirrelmail-cvs
Repository: http://squirrelmail.org/svn


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic