Hi,
I've just been tracking down a bug with the mail compose that I found when clicking on the mail address from my nephew. He's at college and has an email of the form 'sshh123@somewhere.co.uk'. When I clicked this I was getting SQL syntax errors appearing on the screen.
I tracked it down to the compose.inc module, the 'to' case in function rcmail_compose_headers($attrib). The preg_match line has the regexp /[0-9]+,?/ which matches with my nephew's email, causing the sql query to be run (ideally the contact_id could be quoted to prevent syntax errors).
Anyway, since I assume the code is meant to be looking for only numbers or lists of numbers, I suggest the following change to the regexp:
/^([0-9]+,?)+/
I've tested this against various inputs and it's doing what I think the code should be doing!
You may be interested to know that I started using this project as a front end to my mail backup. I have a Perl script running every 5 mins that grabs my mail from my ISP and stores the mails in a MySQL database. I've written a replacement for 'imap.inc' that performs all of the IMAP commands on my database. It's all working well (so far). I'm now using this combination as my main mail client.
Cheers, Steve