Merge branch 'master' of git.tt-rss.org:git/tt-rss into pdo-experimental
[tt-rss.git] / classes / pref / prefs.php
index 03563d8b093d220058d70a5884eb25d34d44d4a4..6d96b198dea52da085c780cd61edc947f2a994c8 100644 (file)
@@ -60,9 +60,9 @@ class Pref_Prefs extends Handler_Protected {
 
        function changepassword() {
 
-               $old_pw = $_POST["old_password"];
-               $new_pw = $_POST["new_password"];
-               $con_pw = $_POST["confirm_password"];
+               $old_pw = clean($_POST["old_password"]);
+               $new_pw = clean($_POST["new_password"]);
+               $con_pw = clean($_POST["confirm_password"]);
 
                if ($old_pw == "") {
                        print "ERROR: ".format_error("Old password cannot be blank.");
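Review bot: Passing the three password fields through `clean()` modifies the secret before it is verified or hashed, which a password field should never undergo. `clean()` is defined outside this diff; if it strips markup or whitespace, a password containing `<` would be silently altered, previously set passwords with such characters would stop matching, and the usable password space shrinks. Passwords should be read raw and only compared or hashed, i.e. keep `$new_pw = $_POST["new_password"];` and likewise for the other two. The same applies to `$password` in the `@@ -881` hunk and in `otpdisable()`; the body of `changepassword()` continues outside this hunk.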
@@ -89,7 +89,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function saveconfig() {
-               $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+               $boolean_prefs = explode(",", clean($_POST["boolean_prefs"]));
 
                foreach ($boolean_prefs as $pref) {
                        if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
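Review bot: The names in `$boolean_prefs` come from the client and are used directly as keys written into `$_POST`, so the request itself decides which preference keys receive a `'false'` default; `clean()` on the list does not constrain that. Checking each `$pref` against the set of known boolean preferences before `$_POST[$pref] = 'false'` would close this, unless the loop that follows (outside this hunk) already rejects unknown names. A request without a `boolean_prefs` field also reaches `explode()` with no `isset()` guard.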
@@ -99,7 +99,6 @@ class Pref_Prefs extends Handler_Protected {
 
                foreach (array_keys($_POST) as $pref_name) {
 
-                       $pref_name = $pref_name;
                        $value = $_POST[$pref_name];
 
                        if ($pref_name == 'DIGEST_PREFERRED_TIME') {
@@ -130,8 +129,8 @@ class Pref_Prefs extends Handler_Protected {
 
        function changeemail() {
 
-               $email = $_POST["email"];
-               $full_name = $_POST["full_name"];
+               $email = clean($_POST["email"]);
+               $full_name = clean($_POST["full_name"]);
                $active_uid = $_SESSION["uid"];
 
                $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
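Review bot: `$email` goes from `clean()` straight into the UPDATE with no format check, so any string can be stored as the account's address. The prepared statement takes care of SQL injection, but `clean()` is a sanitizer rather than a validator; a guard using `filter_var($email, FILTER_VALIDATE_EMAIL)` before `prepare()` would reject malformed values (allow the empty string explicitly if clearing the address is intended). The statement and the rest of `changeemail()` continue outside this hunk.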
@@ -228,7 +227,7 @@ class Pref_Prefs extends Handler_Protected {
                print_hidden("op", "pref-prefs");
                print_hidden("method", "changeemail");
 
-               print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+               print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                        __("Save data")."</button>";
 
                print "</form>";
@@ -299,7 +298,7 @@ class Pref_Prefs extends Handler_Protected {
                        print_hidden("op", "pref-prefs");
                        print_hidden("method", "changepassword");
 
-                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                                __("Change password")."</button>";
 
                        print "</form>";
@@ -404,7 +403,7 @@ class Pref_Prefs extends Handler_Protected {
                                        print "</td></tr>";
                                        print "</table>";
 
-                                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+                                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                                                __("Enable OTP")."</button>";
 
                                        print "</form>";
@@ -651,7 +650,7 @@ class Pref_Prefs extends Handler_Protected {
                print_hidden("op", "pref-prefs");
                print_hidden("method", "saveconfig");
 
-               print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">
+               print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\" class=\"btn-primary\">
                        <span>".__('Save configuration')."</span>
                        <div dojoType=\"dijit.DropDownMenu\">
                                <div dojoType=\"dijit.MenuItem\"
@@ -663,7 +662,7 @@ class Pref_Prefs extends Handler_Protected {
                print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
                        __('Manage profiles')."</button> ";
 
-               print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
+               print "<button dojoType=\"dijit.form.Button\" class=\"btn-danger\" onclick=\"return validatePrefsReset()\">".
                        __('Reset to defaults')."</button>";
 
                print "&nbsp;";
@@ -881,8 +880,8 @@ class Pref_Prefs extends Handler_Protected {
                require_once "lib/otphp/lib/otp.php";
                require_once "lib/otphp/lib/totp.php";
 
-               $password = $_REQUEST["password"];
-               $otp = $_REQUEST["otp"];
+               $password = clean($_REQUEST["password"]);
+               $otp = clean($_REQUEST["otp"]);
 
                $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
 
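Review bot: `$password` and `$otp` are read from `$_REQUEST`, which also accepts query-string parameters, so a credential sent as a GET parameter would be accepted and could end up in web-server logs, browser history and Referer headers. Reading them from the request body only, `$password = $_POST["password"];` and `$otp = $_POST["otp"];`, avoids that, assuming the form submits by POST. `otpdisable()` in the next hunk has the same pattern. The function's opening line and the rest of its body are outside this hunk.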
@@ -931,7 +930,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function otpdisable() {
-               $password = $_REQUEST["password"];
+               $password = clean($_REQUEST["password"]);
 
                $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
 
@@ -949,8 +948,8 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function setplugins() {
-               if (is_array($_REQUEST["plugins"]))
-                       $plugins = join(",", $_REQUEST["plugins"]);
+               if (is_array(clean($_REQUEST["plugins"])))
+                       $plugins = join(",", clean($_REQUEST["plugins"]));
                else
                        $plugins = "";
 
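Review bot: `clean($_REQUEST["plugins"])` is evaluated twice, once for the `is_array()` test and once for `join()`; assigning it once is easier to read and guarantees both uses see the same value: `$selected = clean($_REQUEST["plugins"]);` then `$plugins = is_array($selected) ? join(",", $selected) : "";`. Because entries are joined with commas, a single entry that itself contains a comma turns into several plugin names, so each entry should also be checked against the installed plugin names before it is saved. The code that stores `$plugins` is outside this hunk.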
@@ -958,7 +957,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function clearplugindata() {
-               $name = $_REQUEST["name"];
+               $name = clean($_REQUEST["name"]);
 
                PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
        }
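Review bot: `clearplugindata()` hands the result of `get_plugin($name)` directly to `clear_data()` for a request-supplied name, with no check that a plugin was actually found. `get_plugin()` is not shown in this diff; if it returns null for an unknown name, `clear_data()` receives null. Resolving first and returning early is safer: `$plugin = PluginHost::getInstance()->get_plugin($name);` followed by `if ($plugin) PluginHost::getInstance()->clear_data($plugin);`.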