From 0380cfa9eee1293b0c81802884aefbadaaab9671 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 13 Feb 2012 12:46:20 +0400
Subject: [PATCH] fix customize CSS dialog disappearing newlines

---
 classes/rpc.php      | 5 ++---
 include/db-prefs.php | 4 ++--
 2 files changed, 4 insertions(+), 5 deletions(-)

diff --git a/classes/rpc.php b/classes/rpc.php
index ef89a214..7ecb1ae6 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -212,10 +212,9 @@ class RPC extends Protected_Handler {
 	function setpref() {
 		$value = str_replace("\n", "<br/>", $_REQUEST['value']);
 
-		$key = db_escape_string($_REQUEST["key"]);
-		$value = db_escape_string($value);
+		// set_pref escapes input, so no need to double escape it here
 
-		set_pref($this->link, $key, $value);
+		set_pref($this->link, $key, $value, $_SESSION['uid'], false);
 
 		print json_encode(array("param" =>$key, "value" => $value));
 	}
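Review bot: `$key` is no longer assigned anywhere in the visible body of setpref() once the `db_escape_string($_REQUEST["key"])` line is removed, yet it is still passed to `set_pref()` and echoed in the JSON response, so the preference name would be undefined. Since set_pref() escapes its own arguments, restoring `$key = $_REQUEST['key'];` before the call should be enough. Separately, the `false` passed for tag stripping applies to every preference key this handler accepts, not only the custom CSS one; consider passing `false` only for that key, and confirm that every page rendering stored preference values encodes them for its output context.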
diff --git a/include/db-prefs.php b/include/db-prefs.php
index b62e01a7..696aae5d 100644
--- a/include/db-prefs.php
+++ b/include/db-prefs.php
@@ -79,9 +79,9 @@
 		}
 	}
 
-	function set_pref($link, $pref_name, $value, $user_id = false) {
+	function set_pref($link, $pref_name, $value, $user_id = false, $strip_tags = true) {
 		$pref_name = db_escape_string($pref_name);
-		$value = db_escape_string($value);
+		$value = db_escape_string($value, $strip_tags);
 
 		if (!$user_id) {
 			$user_id = $_SESSION["uid"];
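Review bot: The new `$strip_tags` parameter of set_pref() is undocumented, although passing `false` changes what reaches storage: presumably markup in the value is then kept as submitted. A comment above the function would help, e.g. `// $strip_tags: pass false only for values that must keep markup; the stored value must then be encoded wherever it is output`. db_escape_string() is not shown in this patch, so confirm that it accepts a second argument with this meaning. The body of set_pref() continues outside the hunk.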
-- 
2.39.5