mirror of
https://github.com/roundcube/roundcubemail.git
synced 2026-03-23 08:16:57 +01:00
a8707ae220
* Assert CS using CI * fix "single_blank_line_at_eof" * fix "statement_indentation" * fix "switch_case_semicolon_to_colon" * fix "control_structure_braces" * fix "statement_indentation" * fix "no_whitespace_in_blank_line" * fix "no_trailing_whitespace_in_comment" * fix "no_trailing_whitespace" * fix "single_space_around_construct" * fix "spaces_inside_parentheses" * fix "ternary_operator_spaces" * fix "trim_array_spaces" * fix "whitespace_after_comma_in_array" * fix "cast_spaces" * fix "unary_operator_spaces" * fix "no_trailing_comma_in_singleline" * fix "ordered_imports" * fix "no_unused_imports" * Check composer.json format * fix CI job name * file header comments are not phpdoc * fix "phpdoc_indent" * fix "braces_position" * fix "phpdoc_types" * fix "no_blank_lines_after_class_opening" * fix "no_multiple_statements_per_line" * fix "multiline_comment_opening_closing" * fix "single_line_empty_body" * fix "non_printable_character" * fix "phpdoc_trim_consecutive_blank_line_separation" * fix "include" * fix "no_mixed_echo_print" --------- Co-authored-by: Aleksander Machniak <alec@alec.pl>
91 lines
3.3 KiB
PHP
91 lines
3.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
+-----------------------------------------------------------------------+
|
|
| This file is part of the Roundcube Webmail client |
|
|
| |
|
|
| Copyright (C) The Roundcube Dev Team |
|
|
| |
|
|
| Licensed under the GNU General Public License version 3 or |
|
|
| any later version with exceptions for skins & plugins. |
|
|
| See the README file for a full license statement. |
|
|
| |
|
|
| PURPOSE: |
|
|
| Save preferences setting in database |
|
|
+-----------------------------------------------------------------------+
|
|
| Author: Aleksander Machniak <alec@alec.pl> |
|
|
+-----------------------------------------------------------------------+
|
|
*/
|
|
|
|
class rcmail_action_utils_save_pref extends rcmail_action
|
|
{
|
|
// only process ajax requests
|
|
protected static $mode = self::MODE_AJAX;
|
|
|
|
/**
|
|
* Request handler.
|
|
*
|
|
* @param array $args Arguments from the previous step(s)
|
|
*/
|
|
public function run($args = [])
|
|
{
|
|
$rcmail = rcmail::get_instance();
|
|
$name = rcube_utils::get_input_string('_name', rcube_utils::INPUT_POST);
|
|
$value = rcube_utils::get_input_value('_value', rcube_utils::INPUT_POST);
|
|
$sessname = rcube_utils::get_input_string('_session', rcube_utils::INPUT_POST);
|
|
|
|
// Whitelisted preferences and session variables, others
|
|
// can be added by plugins
|
|
$whitelist = [
|
|
'list_cols',
|
|
'collapsed_folders',
|
|
'collapsed_abooks',
|
|
];
|
|
|
|
$whitelist_sess = [
|
|
'list_attrib/columns',
|
|
];
|
|
|
|
$whitelist = array_merge($whitelist, $rcmail->plugins->allowed_prefs);
|
|
$whitelist_sess = array_merge($whitelist_sess, $rcmail->plugins->allowed_session_prefs);
|
|
|
|
if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) {
|
|
rcube::raise_error([
|
|
'code' => 500,
|
|
'file' => __FILE__,
|
|
'line' => __LINE__,
|
|
'message' => sprintf("Hack attempt detected (user: %s)", $rcmail->get_user_name())
|
|
],
|
|
true,
|
|
false
|
|
);
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
|
|
// save preference value
|
|
$rcmail->user->save_prefs([$name => $value]);
|
|
|
|
// update also session if requested
|
|
if ($sessname) {
|
|
// Support multidimensional arrays...
|
|
$vars = explode('/', $sessname);
|
|
|
|
// ... up to 3 levels
|
|
if (count($vars) == 1) {
|
|
$_SESSION[$vars[0]] = $value;
|
|
}
|
|
else if (count($vars) == 2) {
|
|
$_SESSION[$vars[0]][$vars[1]] = $value;
|
|
}
|
|
else if (count($vars) == 3) {
|
|
$_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value;
|
|
}
|
|
}
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
}
|