Lines 121-128
|
121 |
|
121 |
|
122 |
// Pressed the "Update This Address' Settings" button or the |
122 |
// Pressed the "Update This Address' Settings" button or the |
123 |
// "Update ALL Addresses' Settings" button |
123 |
// "Update ALL Addresses' Settings" button |
124 |
if ($button == $lang['button_update_address'] || |
124 |
if (htmlentities($button) == $lang['button_update_address'] || |
125 |
$button == $lang['button_update_all_addresses']) { |
125 |
htmlentities($button) == $lang['button_update_all_addresses']) { |
126 |
|
126 |
|
127 |
if (isset($_POST["policy"])) { // actually, I think we prefer not to use this, in favor of what's in the |
127 |
if (isset($_POST["policy"])) { // actually, I think we prefer not to use this, in favor of what's in the |
128 |
$policy_id = trim($_POST["policy"]); // users.policy_id |
128 |
$policy_id = trim($_POST["policy"]); // users.policy_id |
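Review bot: The new comparison on line 124 relies on htmlentities()'s default flags, which differ between PHP releases (ENT_COMPAT before 8.1, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401 from 8.1 on), so whether the apostrophe in "Update This Address' Settings" gets encoded — and therefore whether this branch ever matches the $lang string — depends on the interpreter rather than on the code; the same applies to the matching lines at 313, 359, 432 and 480. Pass the flags and charset explicitly so the encoding matches however the $lang table is stored, and compute it once instead of at every branch: `$button_html = htmlentities($button, ENT_QUOTES, 'UTF-8');` before the chain, then `if ($button_html === $lang['button_update_address'] ||` (and likewise for the other branches), using `===` so a numeric-looking label cannot compare loosely. Where $button is read from the request is outside the hunk, so I assume it is the submitted button label; dispatching on a translated display string is brittle, and a fixed hidden action value would be a sturdier key, though that is a larger change than this commit attempts. The enclosing if/elseif chain begins before the first hunk and ends after the last.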
Lines 310-316
|
310 |
"spam_kill_level = ? " . |
310 |
"spam_kill_level = ? " . |
311 |
"WHERE id = ?"; |
311 |
"WHERE id = ?"; |
312 |
|
312 |
|
313 |
if ($button == $lang['button_update_all_addresses']) { |
313 |
if (htmlentities($button) == $lang['button_update_all_addresses']) { |
314 |
$select = "SELECT policy_id FROM users WHERE maia_user_id = ? "; |
314 |
$select = "SELECT policy_id FROM users WHERE maia_user_id = ? "; |
315 |
$sth = $dbh->query($select, array($euid)); |
315 |
$sth = $dbh->query($select, array($euid)); |
316 |
while ($row = $sth->fetchrow()) { |
316 |
while ($row = $sth->fetchrow()) { |
Lines 356-362
|
356 |
$message = $lang['text_settings_updated']; |
356 |
$message = $lang['text_settings_updated']; |
357 |
|
357 |
|
358 |
// Pressed the "Update Miscellaneous Settings" button |
358 |
// Pressed the "Update Miscellaneous Settings" button |
359 |
} elseif ($button == $lang['button_update_misc']) { |
359 |
} elseif (htmlentities($button) == $lang['button_update_misc']) { |
360 |
|
360 |
|
361 |
if (isset($_POST["reminder"])) { |
361 |
if (isset($_POST["reminder"])) { |
362 |
$reminder = (trim($_POST["reminder"]) == "yes" ? "Y" : "N"); |
362 |
$reminder = (trim($_POST["reminder"]) == "yes" ? "Y" : "N"); |
Lines 429-435
|
429 |
|
429 |
|
430 |
|
430 |
|
431 |
// Pressed the "Add E-Mail Address" button |
431 |
// Pressed the "Add E-Mail Address" button |
432 |
} elseif ($button == $lang['button_add_email_address']) { |
432 |
} elseif (htmlentities($button) == $lang['button_add_email_address']) { |
433 |
|
433 |
|
434 |
if (isset($_POST["login"])) { |
434 |
if (isset($_POST["login"])) { |
435 |
$login = trim($_POST["login"]); |
435 |
$login = trim($_POST["login"]); |
Lines 477-483
|
477 |
} |
477 |
} |
478 |
|
478 |
|
479 |
// Pressed the "Update Login Credentials" button |
479 |
// Pressed the "Update Login Credentials" button |
480 |
} elseif ($button == $lang['button_change_login_info'] && $auth_method == "internal") { |
480 |
} elseif (htmlentities($button) == $lang['button_change_login_info'] && $auth_method == "internal") { |
481 |
|
481 |
|
482 |
if (isset($_POST["new_login_name"])) { |
482 |
if (isset($_POST["new_login_name"])) { |
483 |
$new_login = trim($_POST["new_login_name"]); |
483 |
$new_login = trim($_POST["new_login_name"]); |