+ // Can't save the pref if we don't have the username
+ //
+ if ( !sqgetGlobalVar('username', $username, SQ_SESSION ) ) {
+ return;
+ }
+
+ // if the widget is a selection list, make sure the new
+ // value is actually in the selection list and is not an
+ // injection attack
+ //
+ if ($option->type == SMOPT_TYPE_STRLIST
+ && !array_key_exists($option->new_value, $option->possible_values))
+ return;
+
+
+ // all other widgets except TEXTAREAs should never be allowed to have newlines
+ //
+ else if ($option->type != SMOPT_TYPE_TEXTAREA)
+ $option->new_value = str_replace(array("\r", "\n"), '', $option->new_value);
+
+
+ global $data_dir;
+
+ // edit lists: first add new elements to list, then
+ // remove any selected ones (note that we must add
+ // before deleting because the javascript that populates
+ // the "add" textbox when selecting items in the list
+ // (for deletion))
+ //
+ if ($option->type == SMOPT_TYPE_EDIT_LIST) {
+
+ if (empty($option->possible_values)) $option->possible_values = array();
+ if (!is_array($option->possible_values)) $option->possible_values = array($option->possible_values);
+
+ // add element if given
+ //
+ if ((isset($option->use_add_widget) && $option->use_add_widget)
+ && sqGetGlobalVar('add_' . $option->name, $new_element, SQ_POST)) {
+ $new_element = trim($new_element);
+ if (!empty($new_element)
+ && !in_array($new_element, $option->possible_values))
+ $option->possible_values[] = $new_element;
+ }
+
+ // delete selected elements if needed
+ //
+ if ((isset($option->use_delete_widget) && $option->use_delete_widget)
+ && is_array($option->new_value)
+ && sqGetGlobalVar('delete_' . $option->name, $ignore, SQ_POST))
+ $option->possible_values = array_diff($option->possible_values, $option->new_value);
+
+ // save full list (stored in "possible_values")
+ //
+ setPref($data_dir, $username, $option->name, serialize($option->possible_values));
+
+ // associative edit lists are handled similar to
+ // non-associative ones
+ //
+ } else if ($option->type == SMOPT_TYPE_EDIT_LIST_ASSOCIATIVE) {
+
+ if (empty($option->possible_values)) $option->possible_values = array();
+ if (!is_array($option->possible_values)) $option->possible_values = array($option->possible_values);
+
+ // add element if given
+ //
+ $new_element_key = '';
+ $new_element_value = '';
+ $retrieve_key = sqGetGlobalVar('add_' . $option->name . '_key', $new_element_key, SQ_POST);
+ $retrieve_value = sqGetGlobalVar('add_' . $option->name . '_value', $new_element_value, SQ_POST);
+
+ if ((isset($option->use_add_widget) && $option->use_add_widget)
+ && ($retrieve_key || $retrieve_value)) {
+ $new_element_key = trim($new_element_key);
+ $new_element_value = trim($new_element_value);
+ if ($option->poss_value_folders && empty($new_element_key))
+ $new_element_value = '';
+ if (!empty($new_element_key) || !empty($new_element_value)) {
+ if (empty($new_element_key)) $new_element_key = '0';
+ $option->possible_values[$new_element_key] = $new_element_value;
+ }
+ }
+
+ // delete selected elements if needed
+ //
+ if ((isset($option->use_delete_widget) && $option->use_delete_widget)
+ && is_array($option->new_value)
+ && sqGetGlobalVar('delete_' . $option->name, $ignore, SQ_POST)) {
+
+ if ($option->layout_type == SMOPT_EDIT_LIST_LAYOUT_SELECT) {
+ foreach ($option->new_value as $key)
+ unset($option->possible_values[urldecode($key)]);
+ }
+ else
+ $option->possible_values = array_diff($option->possible_values, $option->new_value);
+ }
+
+ // save full list (stored in "possible_values")
+ //
+ setPref($data_dir, $username, $option->name, serialize($option->possible_values));
+
+ // Certain option types need to be serialized because
+ // they are not scalar
+ //
+ } else if ($option->is_multiple_valued())
+ setPref($data_dir, $username, $option->name, serialize($option->new_value));
+
+ // Checkboxes, when unchecked, don't submit anything in
+ // the POST, so set to SMPREF_OFF if not found
+ //
+ else if (($option->type == SMOPT_TYPE_BOOLEAN
+ || $option->type == SMOPT_TYPE_BOOLEAN_CHECKBOX)
+ && empty($option->new_value))
+ setPref($data_dir, $username, $option->name, SMPREF_OFF);
+
+ // For integer fields, make sure we only have digits...
+ // We'll be nice and instead of just converting to an integer,
+ // we'll physically remove each non-digit in the string.
+ //
+ else if ($option->type == SMOPT_TYPE_INTEGER) {
+ $option->new_value = preg_replace('/[^0-9]/', '', $option->new_value);
+ setPref($data_dir, $username, $option->name, $option->new_value);
+ }
+
+ else
+ setPref($data_dir, $username, $option->name, $option->new_value);
+
+
+ // if a checkbox or multi select is zeroed/cleared out, it
+ // needs to have an empty value pushed into its "new_value" slot
+ //
+ if (($option->type == SMOPT_TYPE_STRLIST_MULTI
+ || $option->type == SMOPT_TYPE_BOOLEAN_CHECKBOX)
+ && is_null($option->new_value))
+ $option->new_value = '';
+