commit | author | age
|
614c64
|
1 |
<?php |
A |
2 |
|
041c93
|
3 |
/* |
614c64
|
4 |
+-----------------------------------------------------------------------+ |
A |
5 |
| program/steps/utils/save_pref.inc | |
|
6 |
| | |
e019f2
|
7 |
| This file is part of the Roundcube Webmail client | |
037af6
|
8 |
| Copyright (C) 2005-2013, The Roundcube Dev Team | |
7fe381
|
9 |
| | |
T |
10 |
| Licensed under the GNU General Public License version 3 or | |
|
11 |
| any later version with exceptions for skins & plugins. | |
|
12 |
| See the README file for a full license statement. | |
614c64
|
13 |
| | |
A |
14 |
| PURPOSE: | |
|
15 |
| Save preferences setting in database | |
|
16 |
| | |
|
17 |
+-----------------------------------------------------------------------+ |
|
18 |
| Author: Aleksander Machniak <alec@alec.pl> | |
|
19 |
+-----------------------------------------------------------------------+ |
|
20 |
*/ |
|
21 |
|
037af6
|
22 |
$name = get_input_value('_name', RCUBE_INPUT_POST); |
AM |
23 |
$value = get_input_value('_value', RCUBE_INPUT_POST); |
|
24 |
$sessname = get_input_value('_session', RCUBE_INPUT_POST); |
|
25 |
|
|
26 |
// Whitelisted preferences and session variables, others |
|
27 |
// can be added by plugins |
e6d376
|
28 |
$whitelist = array( |
AM |
29 |
'preview_pane', |
|
30 |
'list_cols', |
|
31 |
'collapsed_folders', |
|
32 |
'collapsed_abooks', |
|
33 |
); |
037af6
|
34 |
$whitelist_sess = array( |
AM |
35 |
'list_attrib/columns', |
|
36 |
); |
e6d376
|
37 |
|
037af6
|
38 |
$whitelist = array_merge($whitelist, $RCMAIL->plugins->allowed_prefs); |
AM |
39 |
$whitelist_sess = array_merge($whitelist_sess, $RCMAIL->plugins->allowed_session_prefs); |
|
40 |
|
|
41 |
if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) { |
e6d376
|
42 |
raise_error(array('code' => 500, 'type' => 'php', |
AM |
43 |
'file' => __FILE__, 'line' => __LINE__, |
|
44 |
'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())), |
|
45 |
true, false); |
|
46 |
|
|
47 |
$OUTPUT->reset(); |
|
48 |
$OUTPUT->send(); |
|
49 |
} |
614c64
|
50 |
|
A |
51 |
// save preference value |
|
52 |
$RCMAIL->user->save_prefs(array($name => $value)); |
|
53 |
|
|
54 |
// update also session if requested |
037af6
|
55 |
if ($sessname) { |
614c64
|
56 |
// Support multidimensional arrays... |
A |
57 |
$vars = explode('/', $sessname); |
|
58 |
|
|
59 |
// ... up to 3 levels |
|
60 |
if (count($vars) == 1) |
|
61 |
$_SESSION[$vars[0]] = $value; |
|
62 |
else if (count($vars) == 2) |
|
63 |
$_SESSION[$vars[0]][$vars[1]] = $value; |
|
64 |
else if (count($vars) == 3) |
|
65 |
$_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value; |
|
66 |
} |
|
67 |
|
|
68 |
$OUTPUT->reset(); |
|
69 |
$OUTPUT->send(); |