Sanitize integer option fields - only digits allowed
authorpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 29 Dec 2011 06:56:03 +0000 (06:56 +0000)
committerpdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Thu, 29 Dec 2011 06:56:03 +0000 (06:56 +0000)
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14247 7612ce4b-ef26-0410-bec9-ea0150e637f0

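--- a/functions/options.php
+++ b/functions/options.php
@@ -894,6 +894,15 @@ function save_option($option) {
           && empty($option->new_value)) 
         setPref($data_dir, $username, $option->name, SMPREF_OFF);
 
+    // For integer fields, make sure we only have digits...
+    // We'll be nice and instead of just converting to an integer,
+    // we'll physically remove each non-digit in the string.
+    //
+    else if ($option->type == SMOPT_TYPE_INTEGER) {
+        $option->new_value = preg_replace('/[^0-9]/', '', $option->new_value);
+        setPref($data_dir, $username, $option->name, $option->new_value);
+    }
+
     else
         setPref($data_dir, $username, $option->name, $option->new_value);
 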
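Review bot: Stripping non-digits in the new `SMOPT_TYPE_INTEGER` branch silently rewrites the value instead of rejecting it: `-5` is saved as `5`, `1.5` as `15`, and input with no digits at all as an empty string, which still goes to `setPref()`. If any integer option may be negative or must not be empty, the comment should say so, e.g. `// NOTE: sign and decimal point are dropped too; a value with no digits is saved as ''`. The filter also assumes `$option->new_value` is a string; if a request can supply an array here, `preg_replace()` returns an array, so a guard such as `if (!is_string($option->new_value)) $option->new_value = '';` ahead of the replace would cover that case. The `if` chain this branch joins begins above the hunk, so the earlier conditions cannot be checked from here.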