ChangeSet ID: 25853 CVSROOT: /opt/cvs-commit Module name: appdb Changes by: wineowner@winehq.org 2006/06/19 16:28:45
Modified files: . : preferences.php
Log message: Chris Morgan cmorgan@alum.wpi.edu Clean all preferences, fixes setting preferences
Patch: http://cvs.winehq.org/patch.py?id=25853
Old revision New revision Changes Path 1.20 1.21 +20 -9 appdb/preferences.php
Index: appdb/preferences.php
diff -u -p appdb/preferences.php:1.20 appdb/preferences.php:1.21
--- appdb/preferences.php:1.20 19 Jun 2006 21:28:45 -0000
+++ appdb/preferences.php 19 Jun 2006 21:28:45 -0000
@@ -21,6 +21,15 @@ $aClean['ext_realname'] = makeSafe($REQU
 $aClean['CVSrelease'] = makeSafe($REQUEST['CVSrelease']);
 $aClean['ext_hasadmin'] = makeSafe($POST['ext_hasadmin']);
+/* filter all of the preferences */
+while(list($key, $value) = each($_REQUEST))
+{
+ if(ereg("^pref_(.+)$", $key, $arr))
+ $aClean[$key] = makeSafe($value);
+}
+
+
+
 if(!$_SESSION['current']->isLoggedIn())
 {
@@ -47,11 +56,11 @@ function build_prefs_list()
 global $oUser;
 $result = query_appdb("SELECT * FROM prefs_list ORDER BY id");
 while($result && $r = mysql_fetch_object($result))
- {
+ {
 //skip admin options
 //TODO: add a field to prefs_list to flag the user level for the pref
 if(!$_SESSION['current']->hasPriv("admin"))
- {
+ {
 if($r->name == "query:mode")
 continue;
 if($r->name == "sidebar")
@@ -64,12 +73,12 @@ function build_prefs_list()
 continue;
 if($r->name == "debug")
 continue;
- }
+ }
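Review bot: The added `pref_` loop at the top of the file accepts every request parameter whose name starts with `pref_`, and the `setPref()` loop in the last hunk then stores each one, so the admin-only options that `build_prefs_list()` only leaves out of the form (`query:mode`, `sidebar`, `debug`, …) are still written for a non-admin whose request carries them. Before a key is accepted it should be matched against the rows of `prefs_list` and the same `hasPriv("admin")` rule, and its value against that row's `value_list`; `makeSafe()` is not visible here and presumably only escapes, which is not an authorization check. Reading from `$_POST` instead of `$_REQUEST` would also keep query-string and (depending on configuration) cookie values out of a write that only runs under `if($_POST)`: `while(list($key, $value) = each($_POST))`. A short comment on the loop saying that it trusts the parameter name, and where the name is validated, would help the next reader.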
$input = html_select("pref_$r->name", explode('|', $r->value_list), $oUser->getpref($r->name, $r->def_value)); echo html_tr(array(" $r->description", $input)); - } + } }
 function show_user_fields()
@@ -94,11 +103,13 @@ function show_user_fields()
 if($_POST)
 {
 while(list($key, $value) = each($aClean))
- {
- if(!ereg("^pref_(.+)$", $key, $arr))
- continue;
- $oUser->setPref($arr[1], $value);
- }
+ {
+ /* if a parameter lacks 'pref_' at its head it isn't a */
+ /* preference so skip over processing it */
+ if(!ereg("^pref_(.+)$", $key, $arr))
+ continue;
+ $oUser->setPref($arr[1], $value);
+ }
 if ($aClean['ext_password'] == $aClean['ext_password2'])
 {