From d5342aabcfeddb959cc286befe6de5bf35fe9d76 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Sun, 25 Nov 2007 14:45:38 -0500
Subject: [PATCH] More input sanitizing

---
 program/steps/settings/func.inc |   26 +++++++++++++++++---------
 1 files changed, 17 insertions(+), 9 deletions(-)

diff --git a/program/steps/settings/func.inc b/program/steps/settings/func.inc
index e51f683..ecdbcbd 100644
--- a/program/steps/settings/func.inc
+++ b/program/steps/settings/func.inc
@@ -5,7 +5,7 @@
  | program/steps/settings/func.inc                                       |
  |                                                                       |
  | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005, RoundCube Dev. - Switzerland                      |
+ | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -26,7 +26,9 @@
                           $_SESSION['user_id']);
                                  
 if ($USER_DATA = $DB->fetch_assoc($sql_result))
-  $PAGE_TITLE = sprintf('%s %s@%s', rcube_label('settingsfor'), $USER_DATA['username'], $USER_DATA['mail_host']);
+{
+  $OUTPUT->set_pagetitle(rcube_label('settingsfor') . " ". $USER_DATA['username'] . (!strpos($USER_DATA['username'], '@') ? '@'.$USER_DATA['mail_host'] : ''));
+}
 
 
 
@@ -97,7 +99,7 @@
     $select_timezone->add('(GMT +8:00) Beijing, Perth, Singapore, Taipei', '8');
     $select_timezone->add('(GMT +9:00) Tokyo, Seoul, Yakutsk', '9');
     $select_timezone->add('(GMT +9:30) Adelaide, Darwin', '9.5');
-    $select_timezone->add('(GMT +10:00) EAST/AEST: Guam, Vladivostok', '10');
+    $select_timezone->add('(GMT +10:00) EAST/AEST: Sydney, Guam, Vladivostok', '10');
     $select_timezone->add('(GMT +11:00) Magadan, Solomon Islands', '11');
     $select_timezone->add('(GMT +12:00) Auckland, Wellington, Kamchatka', '12');
     $select_timezone->add('(GMT +13:00) Tonga, Pheonix Islands', '13');
@@ -202,7 +204,7 @@
 
 function rcmail_identities_list($attrib)
   {
-  global $DB, $CONFIG, $OUTPUT, $JS_OBJECT_NAME;
+  global $DB, $CONFIG, $OUTPUT;
 
 
   // get contacts from DB
@@ -224,8 +226,7 @@
   $out = rcube_table_output($attrib, $sql_result, $a_show_cols, 'identity_id');
   
   // set client env
-  $javascript = sprintf("%s.gui_object('identitieslist', '%s');\n", $JS_OBJECT_NAME, $attrib['id']);
-  $OUTPUT->add_script($javascript);    
+  $OUTPUT->add_gui_object('identitieslist', $attrib['id']);
 
   return $out;
   }
@@ -235,7 +236,7 @@
 // similar function as in /steps/addressbook/edit.inc
 function get_form_tags($attrib, $action, $add_hidden=array())
   {
-  global $OUTPUT, $JS_OBJECT_NAME, $EDIT_FORM, $SESS_HIDDEN_FIELD;  
+  global $OUTPUT, $EDIT_FORM, $SESS_HIDDEN_FIELD;  
 
   $form_start = '';
   if (!strlen($EDIT_FORM))
@@ -258,7 +259,7 @@
   $form_name = strlen($attrib['form']) ? $attrib['form'] : 'form';
 
   if (!strlen($EDIT_FORM))
-    $OUTPUT->add_script("$JS_OBJECT_NAME.gui_object('editform', '$form_name');");
+    $OUTPUT->add_gui_object('editform', $form_name);
   
   $EDIT_FORM = $form_name;
 
@@ -266,4 +267,11 @@
   }
 
 
-?>
\ No newline at end of file
+// register UI objects
+$OUTPUT->add_handlers(array(
+  'userprefs' => 'rcmail_user_prefs_form',
+  'itentitieslist' => 'rcmail_identities_list'
+));
+
+
+?>

--
Gitblit v1.9.1