[RCD] Handling invalid address book entries
Ziba Scott
ziba at umich.edu
Wed Oct 15 17:18:08 CEST 2008
When editing contacts, some invalid characters are not stripped or
handled in some way. They make it all the way to the SQL statement
before things trip up. (Using a prepared statement thankfully prevents
injecting a second statement. More details in:
http://trac.roundcube.net/ticket/1485504)

I can work on a patch, but I'd appreciate some guidance first:

Should the backend explicitly validate the input against a regular
expression?
What is valid/invalid?
How should the interface report bad characters and/or failed contact
saves to the user?

Thanks,
Ziba

Webmaster Team
University of Michigan
_______________________________________________
List info: http://lists.roundcube.net/dev/