summaryrefslogtreecommitdiff
path: root/program/steps/settings/save_identity.inc
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2006-03-03 16:34:35 +0000
committerthomascube <thomas@roundcube.net>2006-03-03 16:34:35 +0000
commitea7c46b4f37691702b8e78dea34c3e9a3afb232d (patch)
tree68820a04bbba541690f578a3a5e0602ab3b082ad /program/steps/settings/save_identity.inc
parent8eba3000888d596263eb2b8923dacd20cd816878 (diff)
Improved reading of POST and GET values
Diffstat (limited to 'program/steps/settings/save_identity.inc')
-rw-r--r--program/steps/settings/save_identity.inc5
1 files changed, 3 insertions, 2 deletions
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 1bfbf48e6..f5780de4b 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -20,6 +20,7 @@
*/
$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature');
+$a_html_cols = array('signature');
// check input
@@ -44,7 +45,7 @@ if ($_POST['_iid'])
$a_write_sql[] = sprintf("%s=%s",
$DB->quoteIdentifier($col),
- $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset())));
+ $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))));
}
if (sizeof($a_write_sql))
@@ -99,7 +100,7 @@ else
continue;
$a_insert_cols[] = $DB->quoteIdentifier($col);
- $a_insert_values[] = $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset()));
+ $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols)));
}
if (sizeof($a_insert_cols))