From 3ea0e3202a73eb7efcbf0b825582a6d3504658aa Mon Sep 17 00:00:00 2001 From: thomascube <thomas@roundcube.net> Date: Fri, 01 Sep 2006 09:43:14 -0400 Subject: [PATCH] Quota display as image --- program/steps/settings/save_identity.inc | 26 +++++++++++++++----------- 1 files changed, 15 insertions(+), 11 deletions(-) diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index dc61b78..ffbcfe3 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -20,6 +20,7 @@ */ $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature'); +$a_html_cols = array('signature'); // check input @@ -42,7 +43,9 @@ if (!isset($_POST[$fname])) continue; - $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname]))); + $a_write_sql[] = sprintf("%s=%s", + $DB->quoteIdentifier($col), + $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols)))); } if (sizeof($a_write_sql)) @@ -52,7 +55,7 @@ WHERE identity_id=? AND user_id=? AND del<>1", - $_POST['_iid'], + get_input_value('_iid', RCUBE_INPUT_POST), $_SESSION['user_id']); $updated = $DB->affected_rows(); @@ -63,13 +66,14 @@ show_message('successfullysaved', 'confirmation'); // mark all other identities as 'not-default' - $DB->query("UPDATE ".get_table_name('identities')." - SET ".$DB->quoteIdentifier('standard')."='0' - WHERE user_id=? - AND identity_id<>? - AND del<>1", - $_SESSION['user_id'], - $_POST['_iid']); + if (!empty($_POST['_standard'])) + $DB->query("UPDATE ".get_table_name('identities')." + SET ".$DB->quoteIdentifier('standard')."='0' + WHERE user_id=? + AND identity_id<>? + AND del<>1", + $_SESSION['user_id'], + get_input_value('_iid', RCUBE_INPUT_POST)); if ($_POST['_framed']) { @@ -77,7 +81,7 @@ // ... } } - else + else if ($DB->is_error()) { // show error message show_message('errorsaving', 'error'); 
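Review bot: In the `@@ -42,7 +43,9 @@` hunk, the `signature` column no longer passes through `strip_tags()`. It is instead read with `get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))`, which, if the third argument is the allow-HTML switch (the function is defined outside this diff), stores the posted markup unchanged. Every place that later renders a signature (identity form, compose view, outgoing mail) then has to sanitise or escape it, and nothing in this change records that requirement. I would add `// columns stored with raw HTML: sanitise/escape on every output` next to `$a_html_cols`, and pass `true` as the third argument of `in_array()`. The same applies to the insert branch in the `@@ -97,7 +101,7 @@` hunk; the enclosing loop starts outside both hunks.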
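Review bot: In the `@@ -63,13 +66,14 @@` hunk, the new guard `if (!empty($_POST['_standard']))` has no braces although it governs a seven-line `$DB->query(...)` call, while the `if ($_POST['_framed'])` right below it uses a braced body. Wrapping the query as `if (!empty($_POST['_standard'])) { ... }` keeps a later added statement from silently falling outside the guard and running the reset of the other identities' `standard` flag unconditionally. The surrounding success branch begins outside the hunk.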
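Review bot: In the `@@ -77,7 +81,7 @@` hunk, changing `else` to `else if ($DB->is_error())` leaves a third outcome unhandled: an UPDATE that affects no row and raises no error. That case covers unchanged values, but also an `_iid` that does not belong to `$_SESSION['user_id']`, and the two are now indistinguishable and both silent. The condition of the preceding `if` is outside the hunk, so this assumes it tests `$updated`. If the silence is intended, say so with `// 0 rows and no DB error: nothing changed, or identity not owned by this user` above the branch; otherwise add a final `else` that reports the mismatch.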
@@ -97,7 +101,7 @@ continue; $a_insert_cols[] = $DB->quoteIdentifier($col); - $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname])); + $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))); } if (sizeof($a_insert_cols)) -- Gitblit v1.9.1