+
+
+
+
+
-
+
1) {
+ if (! isset($method)) { $method = ''; }
+
+ if ($method == 'up' && $num > 1) {
$prev = $num-1;
$tmp = $index_order[$prev];
$index_order[$prev] = $index_order[$num];
$index_order[$num] = $tmp;
- } else if ($method == "down" && $num < count($index_order)) {
+ } else if ($method == 'down' && $num < count($index_order)) {
$next = $num++;
$tmp = $index_order[$next];
$index_order[$next] = $index_order[$num];
$index_order[$num] = $tmp;
- } else if ($method == "remove" && $num) {
+ } else if ($method == 'remove' && $num) {
for ($i=1; $i < 8; $i++) {
removePref($data_dir, $username, "order$i");
}
@@ -75,9 +85,13 @@
$index_order = array();
$index_order = $new_ary;
if (count($index_order) < 1) {
- include "../src/load_prefs.php";
+ include_once('../src/load_prefs.php');
}
- } else if ($method == "add" && $add) {
+ } else if ($method == 'add' && $add) {
+ // User should not be able to insert PHP-code here
+ $add = str_replace ('', '..', $add);
+ $add = ereg_replace ('<.*script.*language.*php.*>', '..', $add);
+ $add = str_replace ('<%', '..', $add);
$index_order[count($index_order)+1] = $add;
}
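Review bot: The three replacements added before `$index_order[count($index_order)+1] = $add;` are a deny-list for PHP open tags, which is a fragile way to keep code out of a value that the next hunk appears to persist through `setPref`. `ereg_replace` matches case-sensitively, so the script-tag pattern covers only one spelling, and as rendered here the first `str_replace` has an empty search string (possibly lost in extraction, so worth confirming in the real file). If `$add` is meant to be a column number, as the `order$i` keys suggest, validate it positively instead: `$add = (int) $add;` and append only when the result is one of the known column ids. The enclosing if/else chain starts and ends outside this hunk.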
@@ -86,57 +100,61 @@
setPref($data_dir, $username, "order$i", $index_order[$i]);
}
}
- echo "";
- echo "\n";
+ echo '' . "\n";
echo _("The index order is the order that the columns are arranged in the message index. You can add, remove, and move columns around to customize them to fit your needs.");
- echo " |
";
+ echo ' |
';
if (count($index_order))
{
- echo "";
- echo "
+
+
+
+ |
+
+
+ |
+
|