diff options
| author | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
|---|---|---|
| committer | Henry Sudhof <kellanved@phpbb.com> | 2007-10-03 15:05:54 +0000 |
| commit | 4defd8a8306fa8daa25427a37fb6db00bff390c7 (patch) | |
| tree | 7914a43cdc9b2d2107e7baeb7061990664bdd841 /phpBB/includes/ucp/ucp_prefs.php | |
| parent | 87e2e62c34da983258944db361d9a9b9785737e6 (diff) | |
| download | forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.gz forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.bz2 forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.tar.xz forums-4defd8a8306fa8daa25427a37fb6db00bff390c7.zip | |
Ok, here comes a big one. Poor updater. Also requires testing.
#i91
#i92
#i93
#i94
#i95
#i96
git-svn-id: file:///svn/phpbb/trunk@8120 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/includes/ucp/ucp_prefs.php')
| -rw-r--r-- | phpBB/includes/ucp/ucp_prefs.php | 47 |
1 files changed, 34 insertions, 13 deletions
diff --git a/phpBB/includes/ucp/ucp_prefs.php b/phpBB/includes/ucp/ucp_prefs.php index b0e8f098c2..445000b4dc 100644 --- a/phpBB/includes/ucp/ucp_prefs.php +++ b/phpBB/includes/ucp/ucp_prefs.php @@ -28,7 +28,7 @@ class ucp_prefs switch ($mode) { case 'personal': - + add_form_key('ucp_prefs_personal'); $data = array( 'notifymethod' => request_var('notifymethod', $user->data['user_notify_type']), 'dateformat' => request_var('dateformat', $user->data['user_dateformat'], true), @@ -55,6 +55,11 @@ class ucp_prefs 'tz' => array('num', false, -14, 14), )); + if (!check_form_key('ucp_prefs_personal')) + { + $error[] = 'FORM_INVALID'; + } + if (!sizeof($error)) { $user->optionset('popuppm', $data['popuppm']); @@ -140,6 +145,8 @@ class ucp_prefs case 'view': + add_form_key('ucp_prefs_view'); + $data = array( 'topic_sk' => request_var('topic_sk', (!empty($user->data['user_topic_sortby_type'])) ? $user->data['user_topic_sortby_type'] : 't'), 'topic_sd' => request_var('topic_sd', (!empty($user->data['user_topic_sortby_dir'])) ? $user->data['user_topic_sortby_dir'] : 'd'), @@ -166,6 +173,11 @@ class ucp_prefs 'post_sd' => array('string', false, 1, 1), )); + if (!check_form_key('ucp_prefs_view')) + { + $error[] = 'FORM_INVALID'; + } + if (!sizeof($error)) { $user->optionset('viewimg', $data['images']); @@ -276,25 +288,34 @@ class ucp_prefs 'sig' => request_var('sig', $user->optionget('attachsig')), 'notify' => request_var('notify', $user->data['user_notify']), ); + add_form_key('ucp_prefs_post'); if ($submit) { - $user->optionset('bbcode', $data['bbcode']); - $user->optionset('smilies', $data['smilies']); - $user->optionset('attachsig', $data['sig']); + if (check_form_key('ucp_prefs_post')) + { + $user->optionset('bbcode', $data['bbcode']); + $user->optionset('smilies', $data['smilies']); + $user->optionset('attachsig', $data['sig']); - $sql_ary = array( - 'user_options' => $user->data['user_options'], - 'user_notify' => $data['notify'], - ); + $sql_ary = array( + 'user_options' => $user->data['user_options'], + 'user_notify' => $data['notify'], + ); - $sql = 'UPDATE ' . USERS_TABLE . ' - SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' - WHERE user_id = ' . $user->data['user_id']; - $db->sql_query($sql); + $sql = 'UPDATE ' . USERS_TABLE . ' + SET ' . $db->sql_build_array('UPDATE', $sql_ary) . ' + WHERE user_id = ' . $user->data['user_id']; + $db->sql_query($sql); + $msg = $user->lang['PREFERENCES_UPDATED']; + } + else + { + $msg = $user->lang['FORM_INVALID']; + } meta_refresh(3, $this->u_action); - $message = $user->lang['PREFERENCES_UPDATED'] . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); + $message = $msg . '<br /><br />' . sprintf($user->lang['RETURN_UCP'], '<a href="' . $this->u_action . '">', '</a>'); trigger_error($message); } |