mirror of
https://github.com/roundcube/roundcubemail.git
synced 2026-03-03 14:54:01 +01:00
e7d7e62146
* fix "integer_literal_case" * fix "phpdoc_separation" * fix "phpdoc_var_without_name" * fix "operator_linebreak" * fix "no_alias_language_construct_call" * fix "list_syntax" * fix "concat_space" * fix "array_syntax" * fix "binary_operator_spaces" * fix "binary_operator_spaces" relaxed * fix "phpdoc_types_order" * fix "phpdoc_trim" * fix "native_type_declaration_casing" * fix "method_chaining_indentation" * fix "phpdoc_no_package" * fix "elseif" * fix PHP CS Fixer config itself too * fix "native_type_declaration_casing"
91 lines
3.3 KiB
PHP
91 lines
3.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
+-----------------------------------------------------------------------+
|
|
| This file is part of the Roundcube Webmail client |
|
|
| |
|
|
| Copyright (C) The Roundcube Dev Team |
|
|
| |
|
|
| Licensed under the GNU General Public License version 3 or |
|
|
| any later version with exceptions for skins & plugins. |
|
|
| See the README file for a full license statement. |
|
|
| |
|
|
| PURPOSE: |
|
|
| Save preferences setting in database |
|
|
+-----------------------------------------------------------------------+
|
|
| Author: Aleksander Machniak <alec@alec.pl> |
|
|
+-----------------------------------------------------------------------+
|
|
*/
|
|
|
|
class rcmail_action_utils_save_pref extends rcmail_action
|
|
{
|
|
// only process ajax requests
|
|
protected static $mode = self::MODE_AJAX;
|
|
|
|
/**
|
|
* Request handler.
|
|
*
|
|
* @param array $args Arguments from the previous step(s)
|
|
*/
|
|
public function run($args = [])
|
|
{
|
|
$rcmail = rcmail::get_instance();
|
|
$name = rcube_utils::get_input_string('_name', rcube_utils::INPUT_POST);
|
|
$value = rcube_utils::get_input_value('_value', rcube_utils::INPUT_POST);
|
|
$sessname = rcube_utils::get_input_string('_session', rcube_utils::INPUT_POST);
|
|
|
|
// Whitelisted preferences and session variables, others
|
|
// can be added by plugins
|
|
$whitelist = [
|
|
'list_cols',
|
|
'collapsed_folders',
|
|
'collapsed_abooks',
|
|
];
|
|
|
|
$whitelist_sess = [
|
|
'list_attrib/columns',
|
|
];
|
|
|
|
$whitelist = array_merge($whitelist, $rcmail->plugins->allowed_prefs);
|
|
$whitelist_sess = array_merge($whitelist_sess, $rcmail->plugins->allowed_session_prefs);
|
|
|
|
if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) {
|
|
rcube::raise_error([
|
|
'code' => 500,
|
|
'file' => __FILE__,
|
|
'line' => __LINE__,
|
|
'message' => sprintf("Hack attempt detected (user: %s)", $rcmail->get_user_name()),
|
|
],
|
|
true,
|
|
false
|
|
);
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
|
|
// save preference value
|
|
$rcmail->user->save_prefs([$name => $value]);
|
|
|
|
// update also session if requested
|
|
if ($sessname) {
|
|
// Support multidimensional arrays...
|
|
$vars = explode('/', $sessname);
|
|
|
|
// ... up to 3 levels
|
|
if (count($vars) == 1) {
|
|
$_SESSION[$vars[0]] = $value;
|
|
}
|
|
elseif (count($vars) == 2) {
|
|
$_SESSION[$vars[0]][$vars[1]] = $value;
|
|
}
|
|
elseif (count($vars) == 3) {
|
|
$_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value;
|
|
}
|
|
}
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
}
|