projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Sanitize integer option fields - only digits allowed
[squirrelmail.git] / functions / options.php
diff --git a/functions/options.php b/functions/options.php
index a09f3a2e41840e2ec3917780c912b3ab21303f37..aef6e97420ec50c6de4b1e8870bb2cab2583c3da 100644 (file)
--- a/functions/options.php
+++ b/functions/options.php
@@ -894,6 +894,15 @@ function save_option($option) {
           && empty($option->new_value)) 
         setPref($data_dir, $username, $option->name, SMPREF_OFF);
 
+    // For integer fields, make sure we only have digits...
+    // We'll be nice and instead of just converting to an integer,
+    // we'll physically remove each non-digit in the string.
+    //
+    else if ($option->type == SMOPT_TYPE_INTEGER) {
+        $option->new_value = preg_replace('/[^0-9]/', '', $option->new_value);
+        setPref($data_dir, $username, $option->name, $option->new_value);
+    }
+
     else
         setPref($data_dir, $username, $option->name, $option->new_value);
 
Unnamed repository; edit this file 'description' to name the repository.