From cead5c727147faac362e742aa7bcecf07f68cd99 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 18 May 2006 17:24:42 -0400
Subject: [PATCH] Updated CHANGELOG

---
 program/steps/settings/save_identity.inc |   21 ++++++++++++---------
 1 files changed, 12 insertions(+), 9 deletions(-)

diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 2e42987..f099ea5 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -19,7 +19,8 @@
 
 */
 
-$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'default');
+$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature');
+$a_html_cols = array('signature');
 
 
 // check input
@@ -42,7 +43,9 @@
     if (!isset($_POST[$fname]))
       continue;
 
-    $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), $DB->quote(strip_tags($_POST[$fname])));
+    $a_write_sql[] = sprintf("%s=%s",
+                             $DB->quoteIdentifier($col),
+                             $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))));
     }
 
   if (sizeof($a_write_sql))
@@ -51,7 +54,7 @@
                 SET ".join(', ', $a_write_sql)."
                 WHERE  identity_id=?
                 AND    user_id=?
-                AND    del<>'1'",
+                AND    del<>1",
                 $_POST['_iid'],
                 $_SESSION['user_id']);
                        
@@ -64,10 +67,10 @@
 
     // mark all other identities as 'not-default'
     $DB->query("UPDATE ".get_table_name('identities')."
-                SET ".$DB->quoteIdentifier('default')."='0'
+                SET ".$DB->quoteIdentifier('standard')."='0'
                 WHERE  user_id=?
                 AND    identity_id<>?
-                AND    del<>'1'",
+                AND    del<>1",
                 $_SESSION['user_id'],
                 $_POST['_iid']);
     
@@ -77,7 +80,7 @@
       // ...      
       }
     }
-  else
+  else if ($DB->is_error())
     {
     // show error message
     show_message('errorsaving', 'error');
@@ -97,7 +100,7 @@
       continue;
     
     $a_insert_cols[] = $DB->quoteIdentifier($col);
-    $a_insert_values[] = $DB->quote(strip_tags($_POST[$fname]));
+    $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols)));
     }
     
   if (sizeof($a_insert_cols))
@@ -106,8 +109,8 @@
                 (user_id, ".join(', ', $a_insert_cols).")
                 VALUES (?, ".join(', ', $a_insert_values).")",
                 $_SESSION['user_id']);
-                       
-    $insert_id = $DB->insert_id();
+
+    $insert_id = $DB->insert_id(get_sequence_name('identities'));
     }
     
   if ($insert_id)

--
Gitblit v1.9.1