Fixed bug #126497 + problem with error handling in src/addressbook.php.

functions/addressbook.php

@@ -335,13 +335,19 @@
 	    $this->error = _("E-mail address is missing");
 	    return false;
 	 }
+
+	 if(eregi("[\: \|\#\"\!]", $userdata["nickname"])) {
+	    $this->error = _("Nickname contain illegal characters");
+	    return false;
+	 }
+
 	 if(empty($userdata["nickname"])) {
 	    $userdata["nickname"] = $userdata["email"];
 	 }
 
 	 // Check that specified backend is writable
 	 if(!$this->backends[$bnum]->writeable) {
-	    $this->error = sprintf(_("Addressbook %s is read-only", $bnum));
+	    $this->error = _("Addressbook is read-only");;
 	    return false;
 	 }
 

src/addressbook.php

@@ -202,7 +202,7 @@
 	       printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
 		      htmlspecialchars($olddata["backend"]));
 	       print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
-	       print "</FORM>";	       
+	       print "</FORM>";
 	    }
 	 }
 
@@ -230,9 +230,9 @@
 	       print "</TABLE>\n";
 	       address_form("editaddr", _("Update address"), $newdata);
 	       printf("<INPUT TYPE=hidden NAME=oldnick VALUE=\"%s\">\n",
-		      htmlspecialchars($newdata["nickname"]));
+		      htmlspecialchars($oldnick));
 	       printf("<INPUT TYPE=hidden NAME=backend VALUE=\"%s\">\n",
-		      htmlspecialchars($newdata["backend"]));
+		      htmlspecialchars($backend));
 	       print "<INPUT TYPE=hidden NAME=doedit VALUE=1>\n";
 	       print "</FORM>";