. "$_EXEC/pdiread.sh"
. "$_EXEC/session_lock.sh"
+unset filter order card action newfield
+unset cardfile attfile tempfile
+unset vcf field cnt delete_key
+
filter="$(REF f)"
order="$(REF o)"
-card="$(POST card)"
-cardfile="$_DATA/vcard/$card"
+card="$(POST card |PATH)"
+cardfile="$_DATA/vcard/${card##*/}"
attfile="$_DATA/mappings/attendance"
action="$(POST action)"
-newfield="$(POST newfield)"
+newfield="$(POST newfield |grep -m 1 -xE '[A-Z][A-Z0-9-]*')"
+
+if printf '%s\n' "$action" |grep -qxE 'addfield [A-Z][A-Z0-9]*'; then
+ newfield="${action##* }"
+ action=addfield
+fi
if ! tempfile=$(CHECK_SLOCK "$cardfile"); then
SET_COOKIE 0 message="NO VALID FILE LOCK"