diff options
author | thomascube <thomas@roundcube.net> | 2006-03-03 16:34:35 +0000 |
---|---|---|
committer | thomascube <thomas@roundcube.net> | 2006-03-03 16:34:35 +0000 |
commit | ea7c46b4f37691702b8e78dea34c3e9a3afb232d (patch) | |
tree | 68820a04bbba541690f578a3a5e0602ab3b082ad /program/steps/settings | |
parent | 8eba3000888d596263eb2b8923dacd20cd816878 (diff) |
Improved reading of POST and GET values
Diffstat (limited to 'program/steps/settings')
-rw-r--r-- | program/steps/settings/manage_folders.inc | 16 | ||||
-rw-r--r-- | program/steps/settings/save_identity.inc | 5 |
2 files changed, 11 insertions, 10 deletions
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc index 6f49018e7..86b9bb7fe 100644 --- a/program/steps/settings/manage_folders.inc +++ b/program/steps/settings/manage_folders.inc @@ -29,7 +29,7 @@ if ($_action=='subscribe') if (strlen($_GET['_mboxes'])) $IMAP->subscribe(array($_GET['_mboxes'])); - if ($_GET['_remote']) + if ($REMOTE_REQUEST) rcube_remote_response('// subscribed'); } @@ -39,22 +39,22 @@ else if ($_action=='unsubscribe') if (strlen($_GET['_mboxes'])) $IMAP->unsubscribe(array($_GET['_mboxes'])); - if ($_GET['_remote']) + if ($REMOTE_REQUEST) rcube_remote_response('// unsubscribed'); } // create a new mailbox else if ($_action=='create-folder') { - if (strlen($_GET['_name'])) - $create = $IMAP->create_mailbox(rcube_charset_convert(strip_tags(trim($_GET['_name'])), $OUTPUT->get_charset()), TRUE); + if (!empty($_GET['_name'])) + $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_GET)), TRUE); - if ($create && $_GET['_remote']) + if ($create && $REMOTE_REQUEST) { $commands = sprintf("this.add_folder_row('%s')", rep_specialchars_output($create, 'js')); rcube_remote_response($commands); } - else if (!$create && $_GET['_remote']) + else if (!$create && $REMOTE_REQUEST) { $commands = show_message('errorsaving', 'error'); rcube_remote_response($commands); @@ -69,9 +69,9 @@ else if ($_action=='delete-folder') if (strlen($_GET['_mboxes'])) $deleted = $IMAP->delete_mailbox(array($_GET['_mboxes'])); - if ($_GET['_remote'] && $deleted) + if ($REMOTE_REQUEST && $deleted) rcube_remote_response(sprintf("this.remove_folder_row('%s')", rep_specialchars_output($_GET['_mboxes'], 'js'))); - else if ($_GET['_remote']) + else if ($REMOTE_REQUEST) { $commands = show_message('errorsaving', 'error'); rcube_remote_response($commands); diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc index 1bfbf48e6..f5780de4b 100644 --- a/program/steps/settings/save_identity.inc +++ b/program/steps/settings/save_identity.inc @@ -20,6 +20,7 @@ */ $a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature'); +$a_html_cols = array('signature'); // check input @@ -44,7 +45,7 @@ if ($_POST['_iid']) $a_write_sql[] = sprintf("%s=%s", $DB->quoteIdentifier($col), - $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset()))); + $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols)))); } if (sizeof($a_write_sql)) @@ -99,7 +100,7 @@ else continue; $a_insert_cols[] = $DB->quoteIdentifier($col); - $a_insert_values[] = $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset())); + $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))); } if (sizeof($a_insert_cols)) |