Unify address book searches. See ChangeLog comments. Also, fixed bug wherein file backend wasn't escaping regular expression correctly. File based backend used to search all fields at once, concatenated by spaces, which 'worked', but is misleading and nothing like the other backends.

doc/ChangeLog

@@ -369,6 +369,9 @@ Version 1.5.2 - SVN
   - Fixed XSS problem with unsanitized style tags in messages. [CVE-2011-2023]
   - Always ensure that the Reply-To header is a full email address in
     outgoing messages
+  - Unified address book searches somewhat: file-backed address books now
+    search in each field individually; database-backed address books now
+    search in fields other than first/last name (nickname, email)
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

functions/abook_database.php

@@ -264,8 +264,12 @@ class abook_database extends addressbook_backend {
         $escape = 'ESCAPE \'' . $this->dbh->quoteString('\\') . '\'';
     
         $query = sprintf("SELECT * FROM %s WHERE owner='%s' AND " .
-                         "(LOWER(firstname) LIKE '%s' %s OR LOWER(lastname) LIKE '%s' %s)",
-                         $this->table, $this->owner, $expr, $escape, $expr, $escape);
+                         "(LOWER(firstname) LIKE '%s' %s " .
+                         "OR LOWER(lastname) LIKE '%s' %s " .
+                         "OR LOWER(email) LIKE '%s' %s " .
+                         "OR LOWER(nickname) LIKE '%s' %s)",
+                         $this->table, $this->owner, $expr, $escape, $expr, $escape,
+                                                     $expr, $escape, $expr, $escape);
 
         $res = $this->dbh->query($query);
 

functions/abook_local_file.php

@@ -274,10 +274,9 @@ class abook_local_file extends addressbook_backend {
         if ($expr=='*' && ! $this->listing)
             return array();
 
-        /* Make regexp from glob'ed expression
-         * May want to quote other special characters like (, ), -, [, ], etc. */
-        $expr = str_replace('?', '.', $expr);
-        $expr = str_replace('*', '.*', $expr);
+        // Make regexp from glob'ed expression
+        $expr = preg_quote($expr);
+        $expr = str_replace(array('\\?', '\\*'), array('.', '.*'), $expr);
 
         $res = array();
         if(!$this->open()) {
@@ -295,13 +294,15 @@ class abook_local_file extends addressbook_backend {
                 $oTemplate->display('footer.tpl');
                 die();
             } else {
-                $line = join(' ', $row);
                 /**
                  * TODO: regexp search is supported only in local_file backend.
                  * Do we check format of regexp or ignore errors?
                  */
                 // errors on preg_match call are suppressed in order to prevent display of regexp compilation errors
-                if(@preg_match('/' . $expr . '/i', $line)) {
+                if (@preg_match('/' . $expr . '/i', $row[0])    // nickname
+                 || @preg_match('/' . $expr . '/i', $row[1])    // firstname
+                 || @preg_match('/' . $expr . '/i', $row[2])    // lastname
+                 || @preg_match('/' . $expr . '/i', $row[3])) { // email
                     array_push($res, array('nickname'  => $row[0],
                         'name'      => $this->fullname($row[1], $row[2]),
                         'firstname' => $row[1],