0012124: emojis in recipient names break message caching
authorPhilipp Schüle <p.schuele@metaways.de>
Thu, 18 Aug 2016 10:40:03 +0000 (12:40 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Fri, 19 Aug 2016 07:28:29 +0000 (09:28 +0200)
* filter recipient names before inserting in db

https://forge.tine20.org/view.php?id=12124

Change-Id: I4825be8381af0746d5afa00d834cbd1ee75c85ce
Reviewed-on: http://gerrit.tine20.com/customers/3461
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
Tested-by: Philipp Schüle <p.schuele@metaways.de>
tine20/Felamimail/Backend/Cache/Sql/Message.php

index ceef8a3..6f98262 100644 (file)
@@ -107,21 +107,27 @@ class Felamimail_Backend_Cache_Sql_Message extends Tinebase_Backend_Sql_Abstract
     protected function _updateForeignKeys($_mode, Tinebase_Record_Abstract $_record)
     {
         if ($_mode == 'create') {
-            
             foreach ($this->_foreignTables as $key => $foreign) {
                 if (!isset($_record->{$key}) || empty($_record->{$key})) {
                     continue;
                 }
-                
-                //if (Tinebase_Core::isLogLevel(Zend_Log::DEBUG)) Tinebase_Core::getLogger()->debug(__METHOD__ . '::' . __LINE__ . ' ' . $_field . ': ' . print_r($_record->{$_field}, TRUE));
-                
+
+                if (Tinebase_Core::isLogLevel(Zend_Log::TRACE)) Tinebase_Core::getLogger()->trace(__METHOD__
+                    . '::' . __LINE__ . ' ' . $key . ': ' . print_r($_record->{$key}, TRUE));
+
                 foreach ($_record->{$key} as $data) {
                     if ($key == 'flags') {
                         $data = array(
                             'flag'      => $data,
                             'folder_id' => $_record->folder_id
                         );
+                    } else {
+                        // need to filter input as 'name' could contain invalid chars (emojis, ...) here
+                        foreach ($data as $field => $value) {
+                            $data[$field] = Tinebase_Core::filterInputForDatabase($data[$field]);
+                        }
                     }
+
                     $data['message_id'] = $_record->getId();
                     $this->_db->insert($this->_tablePrefix . $foreign['table'], $data);
                 }