Revision 1572
Added by Dietmar over 12 years ago
| save.php | ||
|---|---|---|
| 51 | 51 |
$pattern = '/^[_a-zA-Z0-9-]+(\.[_a-zA-Z0-9-]+)*@[a-zA-Z0-9-]+(\.[a-zA-Z0-9-]+)*\.(([0-9]{1,3})|([a-zA-Z]{2,6}))$/';
|
| 52 | 52 |
if(false == preg_match($pattern, $_POST['server_email'])) |
| 53 | 53 |
{
|
| 54 |
$admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'].
|
|
| 54 |
$admin->print_error($MESSAGE['USERS_INVALID_EMAIL'].
|
|
| 55 | 55 |
'<br /><strong>Email: '.htmlentities($_POST['server_email']).'</strong>', $js_back); |
| 56 | 56 |
} |
| 57 | 57 |
} |
| 58 | 58 |
|
| 59 |
if(isset($_POST['wbmailer_routine']) && ($_POST['wbmailer_routine']=='smtp')) {
|
|
| 60 |
|
|
| 61 |
$checkSmtpHost = (isset($_POST['wbmailer_smtp_host']) && ($_POST['wbmailer_smtp_host']=='') ? false : true); |
|
| 62 |
$checkSmtpUser = (isset($_POST['wbmailer_smtp_username']) && ($_POST['wbmailer_smtp_username']=='') ? false : true); |
|
| 63 |
$checkSmtpPassword = (isset($_POST['wbmailer_smtp_password']) && ($_POST['wbmailer_smtp_password']=='') ? false : true); |
|
| 64 |
if(!$checkSmtpHost || !$checkSmtpUser || !$checkSmtpPassword) {
|
|
| 65 |
$admin->print_error($TEXT['REQUIRED'].' '.$TEXT['WBMAILER_SMTP_AUTH']. |
|
| 66 |
'<br /><strong>'.$MESSAGE['GENERIC_FILL_IN_ALL'].'</strong>', $js_back); |
|
| 67 |
} |
|
| 68 |
|
|
| 69 |
} |
|
| 70 |
|
|
| 59 | 71 |
// Work-out file mode |
| 60 | 72 |
if($advanced == '') |
| 61 | 73 |
{
|
| ... | ... | |
| 138 | 150 |
$allow_tags_in_fields = array('website_header', 'website_footer');
|
| 139 | 151 |
$allow_empty_values = array('website_header','website_footer','sec_anchor','pages_directory','page_spacer');
|
| 140 | 152 |
$disallow_in_fields = array('pages_directory', 'media_directory','wb_version');
|
| 141 |
// Create new database object |
|
| 142 |
/*$database = new database(); */ |
|
| 143 | 153 |
|
| 144 | 154 |
// Query current settings in the db, then loop through them and update the db with the new value |
| 145 | 155 |
$settings = array(); |
| ... | ... | |
| 148 | 158 |
$sql = 'SELECT `name`, `value` FROM `'.TABLE_PREFIX.'settings`'; |
| 149 | 159 |
$sql .= 'ORDER BY `name`'; |
| 150 | 160 |
|
| 151 |
$res_settings = $database->query($sql); |
|
| 152 |
$passed = false; |
|
| 153 |
while($setting = $res_settings->fetchRow()) |
|
| 154 |
{
|
|
| 155 |
$old_settings[$setting['name']] = $setting['value']; |
|
| 156 |
$setting_name = $setting['name']; |
|
| 157 |
$value = $admin->get_post($setting_name); |
|
| 158 |
$value = isset($_POST[$setting_name]) ? $value : $old_settings[$setting_name] ; |
|
| 159 |
switch ($setting_name) {
|
|
| 160 |
case 'default_timezone': |
|
| 161 |
$value=$value*60*60; |
|
| 162 |
$passed = true; |
|
| 161 |
if($res_settings = $database->query($sql)) {
|
|
| 162 |
$passed = false; |
|
| 163 |
while($setting = $res_settings->fetchRow()) |
|
| 164 |
{
|
|
| 165 |
$old_settings[$setting['name']] = $setting['value']; |
|
| 166 |
$setting_name = $setting['name']; |
|
| 167 |
$value = $admin->get_post($setting_name); |
|
| 168 |
$value = isset($_POST[$setting_name]) ? $value : $old_settings[$setting_name] ; |
|
| 169 |
switch ($setting_name) {
|
|
| 170 |
case 'default_timezone': |
|
| 171 |
$value=$value*60*60; |
|
| 172 |
$passed = true; |
|
| 173 |
break; |
|
| 174 |
case 'string_dir_mode': |
|
| 175 |
$value=$dir_mode; |
|
| 176 |
$passed = true; |
|
| 177 |
break; |
|
| 178 |
case 'string_file_mode': |
|
| 179 |
$value=$file_mode; |
|
| 180 |
$passed = true; |
|
| 163 | 181 |
break; |
| 164 |
case 'string_dir_mode': |
|
| 165 |
$value=$dir_mode; |
|
| 166 |
$passed = true; |
|
| 167 |
break; |
|
| 168 |
case 'string_file_mode': |
|
| 169 |
$value=$file_mode; |
|
| 170 |
$passed = true; |
|
| 171 |
break; |
|
| 172 |
case 'pages_directory': |
|
| 173 |
break; |
|
| 174 |
case 'wbmailer_smtp_auth': |
|
| 175 |
$value = isset($_POST[$setting_name]) ? $_POST[$setting_name] : '' ; |
|
| 176 |
$passed = true; |
|
| 177 |
break; |
|
| 178 |
default : |
|
| 179 |
$passed = in_array($setting_name, $allow_empty_values); |
|
| 180 |
break; |
|
| 181 |
} |
|
| 182 |
if (!in_array($setting_name, $allow_tags_in_fields)) |
|
| 183 |
{
|
|
| 184 |
$value = strip_tags($value); |
|
| 185 |
} |
|
| 182 |
case 'pages_directory': |
|
| 183 |
break; |
|
| 184 |
case 'wbmailer_smtp_auth': |
|
| 185 |
// $value = isset($_POST[$setting_name]) ? $_POST[$setting_name] : '' ; |
|
| 186 |
$value = true ; |
|
| 187 |
$passed = true; |
|
| 188 |
break; |
|
| 189 |
default : |
|
| 190 |
$passed = in_array($setting_name, $allow_empty_values); |
|
| 191 |
break; |
|
| 192 |
} |
|
| 186 | 193 |
|
| 194 |
if (!in_array($setting_name, $allow_tags_in_fields)) |
|
| 195 |
{
|
|
| 196 |
$value = strip_tags($value); |
|
| 197 |
} |
|
| 187 | 198 |
|
| 188 |
if ( !in_array($value, $disallow_in_fields) && (isset($_POST[$setting_name]) || $passed == true) ) |
|
| 189 |
{
|
|
| 190 |
$value = trim($admin->add_slashes($value)); |
|
| 191 |
$sql = 'UPDATE `'.TABLE_PREFIX.'settings` '; |
|
| 192 |
$sql .= 'SET `value` = \''.$value.'\' '; |
|
| 193 |
$sql .= 'WHERE `name` <> \'wb_version\' ';
|
|
| 194 |
$sql .= 'AND `name` = \''.$setting_name.'\' '; |
|
| 199 |
if ( !in_array($value, $disallow_in_fields) && (isset($_POST[$setting_name]) || $passed == true) )
|
|
| 200 |
{
|
|
| 201 |
$value = trim($admin->add_slashes($value));
|
|
| 202 |
$sql = 'UPDATE `'.TABLE_PREFIX.'settings` ';
|
|
| 203 |
$sql .= 'SET `value` = \''.$value.'\' ';
|
|
| 204 |
$sql .= 'WHERE `name` != \'wb_version\' ';
|
|
| 205 |
$sql .= 'AND `name` = \''.$setting_name.'\' ';
|
|
| 195 | 206 |
|
| 196 |
if (!$database->query($sql)) |
|
| 197 |
{
|
|
| 198 |
if($database->is_error()) {
|
|
| 199 |
$admin->print_error($database->get_error, $js_back ); |
|
| 200 |
} |
|
| 201 |
} |
|
| 207 |
if (!$database->query($sql)) |
|
| 208 |
{
|
|
| 209 |
if($database->is_error()) {
|
|
| 210 |
$admin->print_error($database->get_error, $js_back ); |
|
| 211 |
} |
|
| 212 |
} |
|
| 213 |
} |
|
| 202 | 214 |
} |
| 203 | 215 |
} |
| 204 | 216 |
|
Also available in: Unified diff
! security fix, force SMTP Authentifikation
! server and email settings only for superadmin