[RCD] Handling invalid address book entries
A.L.E.C
alec at alec.pl
Thu Oct 16 19:39:52 CEST 2008
Ziba Scott wrote:
> Hi Mike,
>
> RC is using prepared statements. Even so, just quoting the character
> might not be the total answer because ticket: 1463946 claims that if
> this single quote were stored, it would cause problems down the line.
> So there is still a question of escaping, storing and fixing later
> problems or rejecting in the first place.
Any character should be allowed in names. A regex should be used for the
email field. That's all. Also, there's quoting in rcube_contacts:

    $a_insert_cols[] = $this->db->quoteIdentifier($col);
    $a_insert_values[] = $this->db->quote($save_data[$col]);

so really, I don't see where the problem is.
--
Aleksander 'A.L.E.C' Machniak http://alec.pl gg:2275252
LAN Management System Developer http://lms.org.pl
Roundcube Webmail Developer http://roundcube.net
_______________________________________________
List info: http://lists.roundcube.net/dev/
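
The policy discussed in this message (any character in a name, a regex on the email field, quoting at the database layer), as an added example that is not part of the original post and is not Roundcube code. It uses PDO bound parameters on an in-memory SQLite database in place of Roundcube's own db wrapper; the table, the function names, the sample contacts and the deliberately strict email pattern are all assumptions made for illustration.

```php
<?php
// Added illustration; not Roundcube code. All names below are hypothetical.

// Constructed, deliberately strict pattern (narrower than RFC 5322):
// quotes, spaces and angle brackets never match, so they are rejected.
function is_valid_email(string $email): bool
{
    return preg_match('/^[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+$/', $email) === 1;
}

function save_contact(PDO $db, string $name, string $email): bool
{
    if (!is_valid_email($email)) {
        return false; // rejected at input time, nothing is stored
    }
    // Bound parameters: the name travels as data, never as SQL text,
    // so no character in it needs to be filtered or rewritten.
    $stmt = $db->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
    return $stmt->execute([':name' => $name, ':email' => $email]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (name TEXT NOT NULL, email TEXT NOT NULL)');

// Constructed sample input.
$samples = [
    ["Miles O'Brien",     'miles@example.org'],    // quote in name: stored
    ['Dee "D" <Smith>',   'dee@example.org'],      // markup characters in name: stored
    ['Mallory',           "mal'lory@example.org"], // quote in address: rejected
    ['No At Sign',        'not-an-address'],       // not an address: rejected
];
foreach ($samples as [$name, $email]) {
    $result = save_contact($db, $name, $email) ? 'stored' : 'rejected';
    printf("%-18s %-24s %s\n", $name, $email, $result);
}

// Names come back byte for byte as entered. Escaping for the output
// context (HTML here) happens when rendering, not when storing.
foreach ($db->query('SELECT name, email FROM contacts') as $row) {
    echo htmlspecialchars("{$row['name']} <{$row['email']}>", ENT_QUOTES, 'UTF-8'), "\n";
}
```

Run with the PHP CLI and the pdo_sqlite extension enabled; the first two contacts are stored unchanged and the last two are rejected by the email check.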