| | |
|---|
| | | | program/steps/utils/save_pref.inc | |
|---|
| | | | | |
|---|
| | | | This file is part of the Roundcube Webmail client | |
|---|
| | | | Copyright (C) 2005-2010, Roundcube Dev. - Switzerland | |
|---|
| | | | Licensed under the GNU GPL | |
|---|
| | | | Copyright (C) 2005-2013, The Roundcube Dev Team | |
|---|
| | | | | |
|---|
| | | | Licensed under the GNU General Public License version 3 or | |
|---|
| | | | any later version with exceptions for skins & plugins. | |
|---|
| | | | See the README file for a full license statement. | |
|---|
| | | | | |
|---|
| | | | PURPOSE: | |
|---|
| | | | Save preferences setting in database | |
|---|
| | |
|---|
| | | +-----------------------------------------------------------------------+ |
|---|
| | | | Author: Aleksander Machniak <alec@alec.pl> | |
|---|
| | | +-----------------------------------------------------------------------+ |
|---|
| | | |
|---|
| | | $Id$ |
|---|
| | | |
|---|
| | | */ |
|---|
| | | |
|---|
| | | $name = get_input_value('_name', RCUBE_INPUT_POST); |
|---|
| | | $value = get_input_value('_value', RCUBE_INPUT_POST); |
|---|
| | | $whitelist = array( |
|---|
| | | 'preview_pane', |
|---|
| | | 'list_cols', |
|---|
| | | 'collapsed_folders', |
|---|
| | | 'collapsed_abooks', |
|---|
| | | ); |
|---|
| | | |
|---|
| | | if (!in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs))) { |
|---|
| | | raise_error(array('code' => 500, 'type' => 'php', |
|---|
| | | 'file' => __FILE__, 'line' => __LINE__, |
|---|
| | | 'message' => sprintf("Hack attempt detected (user: %s)", $_SESSION['username'])), |
|---|
| | | true, false); |
|---|
| | | |
|---|
| | | $OUTPUT->reset(); |
|---|
| | | $OUTPUT->send(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // save preference value |
|---|
| | | $RCMAIL->user->save_prefs(array($name => $value)); |
|---|
| | |
|---|
| | | |
|---|
| | | $OUTPUT->reset(); |
|---|
| | | $OUTPUT->send(); |
|---|
| | | |
|---|
| | | |
|---|
