Roundcubemail devel
view | history | commit | commitdiff
Aleksander Machniak
2013-10-17 037af6890fe6fdb84a08d3c86083e847c90ec0ad
commit | author | age
614c64 1 <?php
A 2
041c93 3 /*
614c64 4  +-----------------------------------------------------------------------+
A 5  | program/steps/utils/save_pref.inc                                     |
6  |                                                                       |
e019f2 7  | This file is part of the Roundcube Webmail client                     |
037af6 8  | Copyright (C) 2005-2013, The Roundcube Dev Team                       |
7fe381 9  |                                                                       |
T 10  | Licensed under the GNU General Public License version 3 or            |
11  | any later version with exceptions for skins & plugins.                |
12  | See the README file for a full license statement.                     |
614c64 13  |                                                                       |
A 14  | PURPOSE:                                                              |
15  |   Save preferences setting in database                                |
16  |                                                                       |
17  +-----------------------------------------------------------------------+
18  | Author: Aleksander Machniak <alec@alec.pl>                            |
19  +-----------------------------------------------------------------------+
20 */
21
037af6 22 $name     = get_input_value('_name', RCUBE_INPUT_POST);
AM 23 $value    = get_input_value('_value', RCUBE_INPUT_POST);
24 $sessname = get_input_value('_session', RCUBE_INPUT_POST);
25
26 // Whitelisted preferences and session variables, others
27 // can be added by plugins
e6d376 28 $whitelist = array(
AM 29     'preview_pane',
30     'list_cols',
31     'collapsed_folders',
32     'collapsed_abooks',
33 );
037af6 34 $whitelist_sess = array(
AM 35     'list_attrib/columns',
36 );
e6d376 37
037af6 38 $whitelist      = array_merge($whitelist, $RCMAIL->plugins->allowed_prefs);
AM 39 $whitelist_sess = array_merge($whitelist_sess, $RCMAIL->plugins->allowed_session_prefs);
40
41 if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) {
e6d376 42     raise_error(array('code' => 500, 'type' => 'php',
AM 43         'file' => __FILE__, 'line' => __LINE__,
44         'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())),
45         true, false);
46
47     $OUTPUT->reset();
48     $OUTPUT->send();
49 }
614c64 50
A 51 // save preference value
52 $RCMAIL->user->save_prefs(array($name => $value));
53
54 // update also session if requested
037af6 55 if ($sessname) {
614c64 56     // Support multidimensional arrays...
A 57     $vars = explode('/', $sessname);
58
59     // ... up to 3 levels
60     if (count($vars) == 1)
61         $_SESSION[$vars[0]] = $value;
62     else if (count($vars) == 2)
63         $_SESSION[$vars[0]][$vars[1]] = $value;
64     else if (count($vars) == 3)
65         $_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value;
66 }
67
68 $OUTPUT->reset();
69 $OUTPUT->send();