[imp] "Full Name" problem

Brent J. Nordquist bjn@horde.org
Fri, 1 Jun 2001 15:43:16 -0500 (CDT)


On Fri, 1 Jun 2001, Adam L. Perry <adam@adamperry.com> wrote:

> Is there a reason for the addslashes() function in prefs.php3?
>
> In prefs.php3 it runs addslashes() on the signature and the full name.
> If the substring contains quotes it escapes them with slashes and then
> writes it to the database.

Sorry for the delay in responding to you on this; I haven't been able to
get to it yet today.  I did some work in the LDAP area some time ago that
was similar to the problem you reported, so I want to go back and retrace
those steps.  Probably this weekend.

The addslashes() is a security feature; you have to escape untrusted user
input so that they can't use quotes, semicolons, etc. to add their own SQL
commands maliciously.  If you compare prefs.php3 2.2.5 to previous
versions you'll see the addslashes() was there before (it isn't new as of
2.2.5).

-- 
Brent J. Nordquist <bjn@horde.org> N0BJN
Yahoo!: Brent_Nordquist / AIM: BrentJNordquist / ICQ: 76158942



>From chuck@horde.org Date: Fri,  1 Jun 2001 16:43:36 -0400
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 62759 invoked from network); 1 Jun 2001 20:44:56 -0000
Received: from 208-59-250-206.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com (HELO marina.horde.org) (208.59.250.206)
  by horde.org with SMTP; 1 Jun 2001 20:44:56 -0000
Received: by marina.horde.org (Postfix, from userid 33)
	id 39CE239F6; Fri,  1 Jun 2001 16:43:36 -0400 (EDT)
Received: from 206.243.191.252 ( [206.243.191.252])
	as user chuck@localhost by marina.horde.org with HTTP;
	Fri,  1 Jun 2001 16:43:36 -0400
Message-ID: <991428216.3b17fe78099e4@marina.horde.org>
Date: Fri,  1 Jun 2001 16:43:36 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
References: <991428060.3b17fddc3bb0c@webmail.gct21.net>
In-Reply-To: <991428060.3b17fddc3bb0c@webmail.gct21.net>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [imp] Latest CVS

Quoting listman@gct21.net:

> Just updateed to the latest CVS and am getting the following error on
> the page
> after the login page.
> 
> 
> Warning: Undefined index: prefs in
> /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php on line 137
> 
> Warning: Undefined index: prefs in
> /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php on line 139
> 
> Warning: Cannot add header information - headers already sent by (output
> started
> at /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php:137) in
> /usr/home/free-mail2/public_html/horde/imp/redirect.php on line 65
> 
> This appears to be coming from the new mailbox.php file.

Have you looked at those line numbers? You don't appear to have any kind of 
prefs driver configured. You need to at least set it to 'none'.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Black and white and grey, all the shades of truth.


>From listman@gct21.net Date: Fri,  1 Jun 2001 14:23:39 -0700
Return-Path: <listman@gct21.net>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 64792 invoked from network); 1 Jun 2001 21:23:41 -0000
Received: from softdnserror (HELO ns1.gct21.net) (66.52.7.179)
  by horde.org with SMTP; 1 Jun 2001 21:23:41 -0000
Received: (from nobody@localhost)
	by ns1.gct21.net (8.9.3/8.9.3) id OAA11200
	for imp@lists.horde.org; Fri, 1 Jun 2001 14:23:40 -0700 (PDT)
	(envelope-from listman@gct21.net)
X-Authentication-Warning: ns1.gct21.net: nobody set sender to listman@gct21.net using -f
Received: from radius2.gct21.net ( [radius2.gct21.net])
	as user listman@localhost by members.free-mail.cc with HTTP;
	Fri,  1 Jun 2001 14:23:39 -0700
Message-ID: <991430619.3b1807dbcce69@members.free-mail.cc>
Date: Fri,  1 Jun 2001 14:23:39 -0700
From: Bill Neely <listman@gct21.net>
To: imp@lists.horde.org
References: <991428060.3b17fddc3bb0c@webmail.gct21.net> <991428216.3b17fe78099e4@marina.horde.org>
In-Reply-To: <991428216.3b17fe78099e4@marina.horde.org>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
X-Originating-IP: 64.42.89.100
Subject: Re: [imp] Latest CVS

Sorry, my problem. I didn't notice that horde.conf had been updated.


Quoting Chuck Hagenbuch <chuck@horde.org>:

> Quoting listman@gct21.net:
> 
> > Just updateed to the latest CVS and am getting the following error on
> > the page
> > after the login page.
> > 
> > 
> > Warning: Undefined index: prefs in
> > /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php on line 137
> > 
> > Warning: Undefined index: prefs in
> > /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php on line 139
> > 
> > Warning: Cannot add header information - headers already sent by (output
> > started
> > at /usr/home/free-mail2/public_html/horde/imp/lib/IMP.php:137) in
> > /usr/home/free-mail2/public_html/horde/imp/redirect.php on line 65
> > 
> > This appears to be coming from the new mailbox.php file.
> 
> Have you looked at those line numbers? You don't appear to have any kind of
> 
> prefs driver configured. You need to at least set it to 'none'.
> 
> -chuck
> 
> --
> Charles Hagenbuch, <chuck@horde.org>
> Black and white and grey, all the shades of truth.
> 
> -- 
> IMP mailing list: http://horde.org/imp/
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: imp-unsubscribe@lists.horde.org
> 
> 


-------------------------------------------------
This mail sent through FREE-MAIL.CC
New and improved version at http://www.free-mail.cc


>From chuck@horde.org Date: Fri,  1 Jun 2001 17:23:49 -0400
Return-Path: <chuck@horde.org>
Mailing-List: contact imp-help@lists.horde.org; run by ezmlm
Delivered-To: mailing list imp@lists.horde.org
Received: (qmail 65603 invoked from network); 1 Jun 2001 21:25:09 -0000
Received: from 208-59-250-206.c3-0.smr-ubr1.sbo-smr.ma.cable.rcn.com (HELO marina.horde.org) (208.59.250.206)
  by horde.org with SMTP; 1 Jun 2001 21:25:09 -0000
Received: by marina.horde.org (Postfix, from userid 33)
	id 5AB59397C; Fri,  1 Jun 2001 17:23:49 -0400 (EDT)
Received: from 206.243.191.252 ( [206.243.191.252])
	as user chuck@localhost by marina.horde.org with HTTP;
	Fri,  1 Jun 2001 17:23:49 -0400
Message-ID: <991430629.3b1807e51ffb3@marina.horde.org>
Date: Fri,  1 Jun 2001 17:23:49 -0400
From: Chuck Hagenbuch <chuck@horde.org>
To: imp@lists.horde.org
References: <991423576.3b17ec5833579@C.private.neuromics.com>
In-Reply-To: <991423576.3b17ec5833579@C.private.neuromics.com>
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 2.3.7-cvs
Subject: Re: [imp] Setting default addressbooks in prefs.php

Quoting Rodney Barnett <rbarnett@neuromics.com>:

> > // addressbook(s) to use when expanding addresses
> > $_prefs['search_sources'] = array(
> >     'value' => '',
> >     'locked' => false,
> >     'shared' => false,
> >     'type' => 'implicit'
> > );
> 
> I tried replacing '' with an array, but that produced what appears to be a 
> type conversion error on the Addressbook options page.

It's a tab-delimited string. So "source1\tsource2" should do it.

-chuck

--
Charles Hagenbuch, <chuck@horde.org>
Black and white and grey, all the shades of truth.