*
* Functions needed to display the options pages.
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/* Get the widget for this option type. */
switch ($this->type) {
+ case SMOPT_TYPE_PASSWORD:
+ $result = $this->createWidget_String(TRUE);
+ break;
case SMOPT_TYPE_STRING:
$result = $this->createWidget_String();
break;
/**
* Create string field
+ *
+ * @param boolean $password When TRUE, the text in the input
+ * widget will be obscured (OPTIONAL;
+ * default = FALSE).
+ *
* @return string html formated option field
+ *
*/
- function createWidget_String() {
+ function createWidget_String($password=FALSE) {
switch ($this->size) {
case SMOPT_SIZE_TINY:
$width = 5;
}
//TODO: might be better to have a separate template file for all widgets, because then the layout of the widget and the "trailing text" can be customized - they are still hard coded here
- return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ if ($password)
+ return addPwField('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
+ else
+ return addInput('new_' . $this->name, $this->value, $width, 0, $this->aExtraAttribs) . ' ' . htmlspecialchars($this->trailing_text);
}
/**
return;
}
+ // if the widget is a selection list, make sure the new
+ // value is actually in the selection list and is not an
+ // injection attack
+ //
+ if ($option->type == SMOPT_TYPE_STRLIST
+ && !array_key_exists($option->new_value, $option->possible_values))
+ return;
+
+
+ // all other widgets except TEXTAREAs should never be allowed to have newlines
+ //
+ else if ($option->type != SMOPT_TYPE_TEXTAREA)
+ $option->new_value = str_replace(array("\r", "\n"), '', $option->new_value);
+
+
global $data_dir;
// edit lists: first add new elements to list, then
&& empty($option->new_value))
setPref($data_dir, $username, $option->name, SMPREF_OFF);
+ // For integer fields, make sure we only have digits...
+ // We'll be nice and instead of just converting to an integer,
+ // we'll physically remove each non-digit in the string.
+ //
+ else if ($option->type == SMOPT_TYPE_INTEGER) {
+ $option->new_value = preg_replace('/[^0-9]/', '', $option->new_value);
+ setPref($data_dir, $username, $option->name, $option->new_value);
+ }
+
else
setPref($data_dir, $username, $option->name, $option->new_value);