diff options
Diffstat (limited to 'program/steps/utils')
-rw-r--r-- | program/steps/utils/html2text.inc | 4 | ||||
-rw-r--r-- | program/steps/utils/save_pref.inc | 16 |
2 files changed, 17 insertions, 3 deletions
diff --git a/program/steps/utils/html2text.inc b/program/steps/utils/html2text.inc index e17665fec..c6481b197 100644 --- a/program/steps/utils/html2text.inc +++ b/program/steps/utils/html2text.inc @@ -24,10 +24,8 @@ $html = $HTTP_RAW_POST_DATA; // Replace emoticon images with its text representation $html = rcmail_replace_emoticons($html); -$converter = new html2text($html, false, true, 0); +$converter = new rcube_html2text($html, false, true, 0); header('Content-Type: text/plain; charset=UTF-8'); print rtrim($converter->get_text()); exit; - - diff --git a/program/steps/utils/save_pref.inc b/program/steps/utils/save_pref.inc index b550ad7ef..7def8733d 100644 --- a/program/steps/utils/save_pref.inc +++ b/program/steps/utils/save_pref.inc @@ -21,6 +21,22 @@ $name = get_input_value('_name', RCUBE_INPUT_POST); $value = get_input_value('_value', RCUBE_INPUT_POST); +$whitelist = array( + 'preview_pane', + 'list_cols', + 'collapsed_folders', + 'collapsed_abooks', +); + +if (!in_array($name, array_merge($whitelist, $RCMAIL->plugins->allowed_prefs))) { + raise_error(array('code' => 500, 'type' => 'php', + 'file' => __FILE__, 'line' => __LINE__, + 'message' => sprintf("Hack attempt detected (user: %s)", $RCMAIL->get_user_name())), + true, false); + + $OUTPUT->reset(); + $OUTPUT->send(); +} // save preference value $RCMAIL->user->save_prefs(array($name => $value)); |