mirror of
https://github.com/roundcube/roundcubemail.git
synced 2026-03-06 16:16:48 +01:00
ca8b17d191
* fix "yoda_style" * fix "is_null" * rm useless rule ignores * add full "PhpCsFixer:risky" ruleset * fix "implode_call" * fix "no_alias_functions" * fix "array_push" * fix "long_to_shorthand_operator" * fix "ternary_to_elvis_operator" * fix "logical_operators" * fix "fopen_flags" * rename "returns" phpdoc tags to "return" * fix "php_unit_construct" * fix "function_to_constant" * fix "php_unit_data_provider_return_type" * fix "php_unit_set_up_tear_down_visibility" * some safe "string_length_to_empty" * fix "phpdoc_align" * fix "phpdoc_no_alias_tag" * fix "trailing_comma_in_multiline" --------- Co-authored-by: Aleksander Machniak <alec@alec.pl>
91 lines
3.3 KiB
PHP
91 lines
3.3 KiB
PHP
<?php
|
|
|
|
/*
|
|
+-----------------------------------------------------------------------+
|
|
| This file is part of the Roundcube Webmail client |
|
|
| |
|
|
| Copyright (C) The Roundcube Dev Team |
|
|
| |
|
|
| Licensed under the GNU General Public License version 3 or |
|
|
| any later version with exceptions for skins & plugins. |
|
|
| See the README file for a full license statement. |
|
|
| |
|
|
| PURPOSE: |
|
|
| Save preferences setting in database |
|
|
+-----------------------------------------------------------------------+
|
|
| Author: Aleksander Machniak <alec@alec.pl> |
|
|
+-----------------------------------------------------------------------+
|
|
*/
|
|
|
|
class rcmail_action_utils_save_pref extends rcmail_action
|
|
{
|
|
// only process ajax requests
|
|
protected static $mode = self::MODE_AJAX;
|
|
|
|
/**
|
|
* Request handler.
|
|
*
|
|
* @param array $args Arguments from the previous step(s)
|
|
*/
|
|
public function run($args = [])
|
|
{
|
|
$rcmail = rcmail::get_instance();
|
|
$name = rcube_utils::get_input_string('_name', rcube_utils::INPUT_POST);
|
|
$value = rcube_utils::get_input_value('_value', rcube_utils::INPUT_POST);
|
|
$sessname = rcube_utils::get_input_string('_session', rcube_utils::INPUT_POST);
|
|
|
|
// Whitelisted preferences and session variables, others
|
|
// can be added by plugins
|
|
$whitelist = [
|
|
'list_cols',
|
|
'collapsed_folders',
|
|
'collapsed_abooks',
|
|
];
|
|
|
|
$whitelist_sess = [
|
|
'list_attrib/columns',
|
|
];
|
|
|
|
$whitelist = array_merge($whitelist, $rcmail->plugins->allowed_prefs);
|
|
$whitelist_sess = array_merge($whitelist_sess, $rcmail->plugins->allowed_session_prefs);
|
|
|
|
if (!in_array($name, $whitelist) || ($sessname && !in_array($sessname, $whitelist_sess))) {
|
|
rcube::raise_error([
|
|
'code' => 500,
|
|
'file' => __FILE__,
|
|
'line' => __LINE__,
|
|
'message' => sprintf("Hack attempt detected (user: %s)", $rcmail->get_user_name()),
|
|
],
|
|
true,
|
|
false
|
|
);
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
|
|
// save preference value
|
|
$rcmail->user->save_prefs([$name => $value]);
|
|
|
|
// update also session if requested
|
|
if ($sessname) {
|
|
// Support multidimensional arrays...
|
|
$vars = explode('/', $sessname);
|
|
|
|
// ... up to 3 levels
|
|
if (count($vars) == 1) {
|
|
$_SESSION[$vars[0]] = $value;
|
|
}
|
|
else if (count($vars) == 2) {
|
|
$_SESSION[$vars[0]][$vars[1]] = $value;
|
|
}
|
|
else if (count($vars) == 3) {
|
|
$_SESSION[$vars[0]][$vars[1]][$vars[2]] = $value;
|
|
}
|
|
}
|
|
|
|
$rcmail->output->reset();
|
|
$rcmail->output->send();
|
|
}
|
|
}
|