Mercurial > hg > rc2
comparison program/steps/utils/save_pref.inc @ 0:4681f974d28b
vanilla 1.3.3 distro, I hope
| author | Charlie Root |
|---|---|
| date | Thu, 04 Jan 2018 15:52:31 -0500 |
| parents | |
| children |
comparison
equal
deleted
inserted
replaced
| -1:000000000000 | 0:4681f974d28b |
|---|---|
| 1 <?php | |
| 2 | |
| 3 /** | |
| 4 +-----------------------------------------------------------------------+ | |
| 5 | program/steps/utils/save_pref.inc | | |
| 6 | | | |
| 7 | This file is part of the Roundcube Webmail client | | |
| 8 | Copyright (C) 2005-2013, The Roundcube Dev Team | | |
| 9 | | | |
| 10 | Licensed under the GNU General Public License version 3 or | | |
| 11 | any later version with exceptions for skins & plugins. | | |
| 12 | See the README file for a full license statement. | | |
| 13 | | | |
| 14 | PURPOSE: | | |
| 15 | Save preferences setting in database | | |
| 16 | | | |
| 17 +-----------------------------------------------------------------------+ | |
| 18 | Author: Aleksander Machniak <alec@alec.pl> | | |
| 19 +-----------------------------------------------------------------------+ | |
| 20 */ | |
| 21 | |
| 22 $name = rcube_utils::get_input_value('_name', rcube_utils::INPUT_POST); | |
| 23 $value = rcube_utils::get_input_value('_value', rcube_utils::INPUT_POST); | |
| 24 $sessname = rcube_utils::get_input_value('_session', rcube_utils::INPUT_POST); | |
| 25 | |
| 26 // Whitelisted preferences and session variables, others | |
| 27 // can be added by plugins | |
| 28 $whitelist = array( | |
| 29 'list_cols', | |
| 30 'collapsed_folders', | |
| 31 'collapsed_abooks', | |
| 32 ); | |
| 33 $whitelist_sess = array( | |
| 34 'list_attrib/columns', | |
| 35 ); | |
| 36 | |
| 37 $whitelist = array_merge($whitelist, $RCMAIL->plugins->allowed_prefs); | |
| 38 $whitelist_sess = array_merge($whitelist_sess, $RCMAIL->plugins->allowed_session_prefs); | |
| 39 | |
| 40 if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) { | |
| 41 rcube::raise_error(array('code' => 500, 'type' => 'php', | |
| 42 'file' => __FILE__, 'line' => __LINE__, | |
| 43 'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())), | |
| 44 true, false); | |
| 45 | |
| 46 $OUTPUT->reset(); | |
| 47 $OUTPUT->send(); | |
| 48 } | |
| 49 | |
| 50 // save preference value | |
| 51 $RCMAIL->user->save_prefs(array($name => $value)); | |
| 52 | |
| 53 // update also session if requested | |
| 54 if ($sessname) { | |
| 55 // Support multidimensional arrays... | |
| 56 $vars = explode('/', $sessname); | |
| 57 | |
| 58 // ... up to 3 levels | |
| 59 if (count($vars) == 1) | |
| 60 $_SESSION[$vars[0]] = $value; | |
| 61 else if (count($vars) == 2) | |
| 62 $_SESSION[$vars[0]][$vars[1]] = $value; | |
| 63 else if (count($vars) == 3) | |
| 64 $_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value; | |
| 65 } | |
| 66 | |
| 67 $OUTPUT->reset(); | |
| 68 $OUTPUT->send(); |