[RCD] Handling invalid address book entries
ziba at umich.edu
Wed Oct 15 17:18:08 CEST 2008
When editing contacts, some invalid characters are not stripped or
handled in some way. They make it all the way to the sql statement
before things trip up. (Using a prepare statement thankfully prevents
injecting a second statement. More details in:
I can work on a patch, but I'd appreciate some guidance first:
Should the backend explicitly validate the input against a regular
What is valid/invalid?
How should the interface report bad characters and/or failed contact
saves to the user?
University of Michigan
List info: http://lists.roundcube.net/dev/
More information about the Dev