commit | author | age
|
614c64
|
1 |
<?php |
A |
2 |
/* |
|
3 |
|
|
4 |
+-----------------------------------------------------------------------+ |
|
5 |
| program/steps/utils/save_pref.inc | |
|
6 |
| | |
e019f2
|
7 |
| This file is part of the Roundcube Webmail client | |
395b74
|
8 |
| Copyright (C) 2005-2013, The Roundcube Dev Team | |
614c64
|
9 |
| Licensed under the GNU GPL | |
A |
10 |
| | |
|
11 |
| PURPOSE: | |
|
12 |
| Save preferences setting in database | |
|
13 |
| | |
|
14 |
+-----------------------------------------------------------------------+ |
|
15 |
| Author: Aleksander Machniak <alec@alec.pl> | |
|
16 |
+-----------------------------------------------------------------------+ |
|
17 |
*/ |
|
18 |
|
197203
|
19 |
$name = get_input_value('_name', RCUBE_INPUT_POST); |
AM |
20 |
$value = get_input_value('_value', RCUBE_INPUT_POST); |
|
21 |
$sessname = get_input_value('_session', RCUBE_INPUT_POST); |
|
22 |
|
|
23 |
// Whitelisted preferences and session variables, others |
|
24 |
// can be added by plugins |
395b74
|
25 |
$whitelist = array( |
AM |
26 |
'preview_pane', |
|
27 |
'list_cols', |
|
28 |
'collapsed_folders', |
|
29 |
'collapsed_abooks', |
|
30 |
); |
197203
|
31 |
$whitelist_sess = array( |
AM |
32 |
'list_attrib/columns', |
|
33 |
); |
395b74
|
34 |
|
197203
|
35 |
$whitelist = array_merge($whitelist, $RCMAIL->plugins->allowed_prefs); |
AM |
36 |
$whitelist_sess = array_merge($whitelist_sess, $RCMAIL->plugins->allowed_session_prefs); |
|
37 |
|
|
38 |
if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) { |
395b74
|
39 |
raise_error(array('code' => 500, 'type' => 'php', |
AM |
40 |
'file' => __FILE__, 'line' => __LINE__, |
|
41 |
'message' => sprintf("Hack attempt detected (user: %s)", $_SESSION['username'])), |
|
42 |
true, false); |
|
43 |
|
|
44 |
$OUTPUT->reset(); |
|
45 |
$OUTPUT->send(); |
|
46 |
} |
614c64
|
47 |
|
A |
48 |
// save preference value |
|
49 |
$RCMAIL->user->save_prefs(array($name => $value)); |
|
50 |
|
|
51 |
// update also session if requested |
197203
|
52 |
if ($sessname) { |
614c64
|
53 |
// Support multidimensional arrays... |
A |
54 |
$vars = explode('/', $sessname); |
|
55 |
|
|
56 |
// ... up to 3 levels |
|
57 |
if (count($vars) == 1) |
|
58 |
$_SESSION[$vars[0]] = $value; |
|
59 |
else if (count($vars) == 2) |
|
60 |
$_SESSION[$vars[0]][$vars[1]] = $value; |
|
61 |
else if (count($vars) == 3) |
|
62 |
$_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value; |
|
63 |
} |
|
64 |
|
|
65 |
$OUTPUT->reset(); |
|
66 |
$OUTPUT->send(); |