summaryrefslogtreecommitdiff
path: root/program/steps/settings
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2006-03-03 16:34:35 +0000
committerthomascube <thomas@roundcube.net>2006-03-03 16:34:35 +0000
commitea7c46b4f37691702b8e78dea34c3e9a3afb232d (patch)
tree68820a04bbba541690f578a3a5e0602ab3b082ad /program/steps/settings
parent8eba3000888d596263eb2b8923dacd20cd816878 (diff)
Improved reading of POST and GET values
Diffstat (limited to 'program/steps/settings')
-rw-r--r--program/steps/settings/manage_folders.inc16
-rw-r--r--program/steps/settings/save_identity.inc5
2 files changed, 11 insertions, 10 deletions
diff --git a/program/steps/settings/manage_folders.inc b/program/steps/settings/manage_folders.inc
index 6f49018e7..86b9bb7fe 100644
--- a/program/steps/settings/manage_folders.inc
+++ b/program/steps/settings/manage_folders.inc
@@ -29,7 +29,7 @@ if ($_action=='subscribe')
if (strlen($_GET['_mboxes']))
$IMAP->subscribe(array($_GET['_mboxes']));
- if ($_GET['_remote'])
+ if ($REMOTE_REQUEST)
rcube_remote_response('// subscribed');
}
@@ -39,22 +39,22 @@ else if ($_action=='unsubscribe')
if (strlen($_GET['_mboxes']))
$IMAP->unsubscribe(array($_GET['_mboxes']));
- if ($_GET['_remote'])
+ if ($REMOTE_REQUEST)
rcube_remote_response('// unsubscribed');
}
// create a new mailbox
else if ($_action=='create-folder')
{
- if (strlen($_GET['_name']))
- $create = $IMAP->create_mailbox(rcube_charset_convert(strip_tags(trim($_GET['_name'])), $OUTPUT->get_charset()), TRUE);
+ if (!empty($_GET['_name']))
+ $create = $IMAP->create_mailbox(trim(get_input_value('_name', RCUBE_INPUT_GET)), TRUE);
- if ($create && $_GET['_remote'])
+ if ($create && $REMOTE_REQUEST)
{
$commands = sprintf("this.add_folder_row('%s')", rep_specialchars_output($create, 'js'));
rcube_remote_response($commands);
}
- else if (!$create && $_GET['_remote'])
+ else if (!$create && $REMOTE_REQUEST)
{
$commands = show_message('errorsaving', 'error');
rcube_remote_response($commands);
@@ -69,9 +69,9 @@ else if ($_action=='delete-folder')
if (strlen($_GET['_mboxes']))
$deleted = $IMAP->delete_mailbox(array($_GET['_mboxes']));
- if ($_GET['_remote'] && $deleted)
+ if ($REMOTE_REQUEST && $deleted)
rcube_remote_response(sprintf("this.remove_folder_row('%s')", rep_specialchars_output($_GET['_mboxes'], 'js')));
- else if ($_GET['_remote'])
+ else if ($REMOTE_REQUEST)
{
$commands = show_message('errorsaving', 'error');
rcube_remote_response($commands);
diff --git a/program/steps/settings/save_identity.inc b/program/steps/settings/save_identity.inc
index 1bfbf48e6..f5780de4b 100644
--- a/program/steps/settings/save_identity.inc
+++ b/program/steps/settings/save_identity.inc
@@ -20,6 +20,7 @@
*/
$a_save_cols = array('name', 'email', 'organization', 'reply-to', 'bcc', 'standard', 'signature');
+$a_html_cols = array('signature');
// check input
@@ -44,7 +45,7 @@ if ($_POST['_iid'])
$a_write_sql[] = sprintf("%s=%s",
$DB->quoteIdentifier($col),
- $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset())));
+ $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols))));
}
if (sizeof($a_write_sql))
@@ -99,7 +100,7 @@ else
continue;
$a_insert_cols[] = $DB->quoteIdentifier($col);
- $a_insert_values[] = $DB->quote(rcube_charset_convert(strip_tags($_POST[$fname]), $OUTPUT->get_charset()));
+ $a_insert_values[] = $DB->quote(get_input_value($fname, RCUBE_INPUT_POST, in_array($col, $a_html_cols)));
}
if (sizeof($a_insert_cols))