Changeset 2268 for trunk/profile.php


Timestamp:
Mar 8, 2008, 1:38:09 PM (16 years ago)
Author:
rvelices
Message:
  • security fix (profile)
  • les langues a la hache
  • fix some copy/paste errors
File:
1 edited

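--- a/trunk/profile.php
+++ b/trunk/profile.php
@@ -3,5 +3,5 @@
 // | PhpWebGallery - a PHP based picture gallery                           |
 // | Copyright (C) 2002-2003 Pierrick LE GALL - pierrick@phpwebgallery.net |
-// | Copyright (C) 2003-2007 PhpWebGallery Team - http://phpwebgallery.net |
+// | Copyright (C) 2003-2008 PhpWebGallery Team - http://phpwebgallery.net |
 // +-----------------------------------------------------------------------+
 // | file          : $Id$
@@ -55,6 +55,4 @@
     $userdata );
 
-  $template->assign('U_HOME', make_index_url());
-
   // +-----------------------------------------------------------------------+
   // |                             errors display                            |
@@ -71,12 +69,22 @@
 
 //------------------------------------------------------ update & customization
-function save_profile_from_post(&$userdata, &$errors)
+function save_profile_from_post($userdata, &$errors)
 {
   global $conf;
   $errors = array();
- 
+
   if (!isset($_POST['validate']))
   {
     return false;
+  }
+
+  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
+  if ($special_user)
+  {
+    unset($_POST['mail_address'],
+          $_POST['password'],
+          $_POST['use_new_pwd'],
+          $_POST['passwordConf']
+          );
   }
 
@@ -159,5 +167,5 @@
 
       $data = array();
-      $data{$conf['user_fields']['id']} = $_POST['userid'];
+      $data{$conf['user_fields']['id']} = $userdata['id'];
       $data{$conf['user_fields']['email']} = $_POST['mail_address'];
 
@@ -183,5 +191,5 @@
 
     $data = array();
-    $data['user_id'] = $_POST['userid'];
+    $data['user_id'] = $userdata['id'];
 
     foreach ($fields as $field)
@@ -196,5 +204,5 @@
                  array($data));
 
-    trigger_action( 'loc_user_profile_updated', $_POST['userid'] );
+    trigger_action( 'save_profile_from_post', $userdata['id'] );
    
     if (!empty($_POST['redirect']))
@@ -215,11 +223,10 @@
   $template->assign('radio_options',
     array(
-      'true' => l10n('yes'),
-      'false' => l10n('no')));
+      'true' => l10n('Yes'),
+      'false' => l10n('No')));
 
   $template->assign(
     array(
       'USERNAME'=>$userdata['username'],
-      'USERID'=>$userdata['id'],
       'EMAIL'=>get_email_address_as_display_text(@$userdata['email']),
       'NB_IMAGE_LINE'=>$userdata['nb_image_line'],
@@ -256,10 +263,11 @@
   $template->assign('language_options', $language_options);
 
-  if (!(in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']))))
-  {
-    $template->assign('not_special_user', true);
-    $template->assign('in_admin', defined('IN_ADMIN'));
-  }
-
+  $special_user = in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']));
+  $template->assign('SPECIAL_USER', $special_user);
+  $template->assign('IN_ADMIN', defined('IN_ADMIN'));
+
+  // allow plugins to add their own form data to content
+  trigger_action( 'load_profile_in_template', $userdata );
+ 
   $template->assign_var_from_handle('PROFILE_CONTENT', 'profile_content');
 }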
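Review bot: The special-user guard at new lines 81–88 protects the guest and default accounts only by unsetting keys in `$_POST`, so it holds only where later code tests those keys before reading them; the context line at new 170 reads `$_POST['mail_address']` directly, and lines 91–166 are outside the shown hunks, so it is not visible whether that write is skipped for these accounts. I would make the rule explicit at the point of use, for example by wrapping the e-mail/password update in `if (!$special_user) { ... }`, rather than relying on a mutated superglobal. The same `in_array($userdata['id'], array($conf['guest_id'], $conf['default_user_id']))` expression is repeated at new line 265 and could come from one helper so the two checks cannot drift apart. The bodies of `save_profile_from_post` and of the function ending at new line 273 are only partly shown.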