From f91f8533678c388b879d9e999a6bcc9e22ad7e19 Mon Sep 17 00:00:00 2001
From: Hugues Hiegel <root@paranoid>
Date: Tue, 5 Aug 2014 16:44:07 +0200
Subject: lot of stuff

---
 program/lib/Roundcube/rcube_user.php | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

(limited to 'program/lib/Roundcube/rcube_user.php')

diff --git a/program/lib/Roundcube/rcube_user.php b/program/lib/Roundcube/rcube_user.php
index 57f63361d..505b190d1 100644
--- a/program/lib/Roundcube/rcube_user.php
+++ b/program/lib/Roundcube/rcube_user.php
@@ -163,16 +163,8 @@ class rcube_user
         if (!$this->ID)
             return false;
 
-        $plugin = $this->rc->plugins->exec_hook('preferences_update', array(
-            'userid' => $this->ID, 'prefs' => $a_user_prefs, 'old' => (array)$this->get_prefs()));
-
-        if (!empty($plugin['abort'])) {
-            return;
-        }
-
-        $a_user_prefs = $plugin['prefs'];
-        $old_prefs    = $plugin['old'];
-        $config       = $this->rc->config;
+        $config    = $this->rc->config;
+        $old_prefs = (array)$this->get_prefs();
 
         // merge (partial) prefs array with existing settings
         $save_prefs = $a_user_prefs + $old_prefs;
@@ -503,9 +495,9 @@ class rcube_user
             "INSERT INTO ".$dbh->table_name('users').
             " (created, last_login, username, mail_host, language)".
             " VALUES (".$dbh->now().", ".$dbh->now().", ?, ?, ?)",
-            $data['user'],
-            $data['host'],
-            $data['language']);
+            strip_newlines($data['user']),
+            strip_newlines($data['host']),
+            strip_newlines($data['language']));
 
         if ($user_id = $dbh->insert_id('users')) {
             // create rcube_user instance to make plugin hooks work
@@ -525,7 +517,7 @@ class rcube_user
                 if (empty($user_email)) {
                     $user_email = strpos($data['user'], '@') ? $user : sprintf('%s@%s', $data['user'], $mail_domain);
                 }
-                $email_list[] = $user_email;
+                $email_list[] = strip_newlines($user_email);
             }
             // identities_level check
             else if (count($email_list) > 1 && $rcube->config->get('identities_level', 0) > 1) {
@@ -555,6 +547,7 @@ class rcube_user
                     $record['name'] = $user_name != $record['email'] ? $user_name : '';
                 }
 
+                $record['name']     = strip_newlines($record['name']);
                 $record['user_id']  = $user_id;
                 $record['standard'] = $standard;
 
-- 
cgit v1.2.3