diff options
| author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-12-05 04:43:13 +0000 |
|---|---|---|
| committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2006-12-05 04:43:13 +0000 |
| commit | ca34aa1edeb011baed4e2a6fabe56d90c0ba314d (patch) | |
| tree | 19ef4bdd32a97f1effc6e50d2e06dba74fb398ba /lib/class/user.class.php | |
| parent | afe3b2fcb0183426c34620dfe2d68ed41f84d1d9 (diff) | |
| download | ampache-ca34aa1edeb011baed4e2a6fabe56d90c0ba314d.tar.gz ampache-ca34aa1edeb011baed4e2a6fabe56d90c0ba314d.tar.bz2 ampache-ca34aa1edeb011baed4e2a6fabe56d90c0ba314d.zip | |
* Prevent Album art set on demo because people put porn in there :(
* Fix Push functionality for the Democratic view stuff
* Add footer div definition per Apex's request
* Fix Config display with multi-value elements
* Added plugin checking to update.php wq
Diffstat (limited to 'lib/class/user.class.php')
| -rw-r--r-- | lib/class/user.class.php | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/class/user.class.php b/lib/class/user.class.php index 9c8572af..fefca81f 100644 --- a/lib/class/user.class.php +++ b/lib/class/user.class.php @@ -248,6 +248,7 @@ class User { /** * update_preference + * //FIXME: Unused at this point, should be removed or used * updates a single preference if the query fails * it attempts to insert the preference instead * @package User @@ -255,14 +256,21 @@ class User { * @todo Do a has_preference_access check */ function update_preference($preference_id, $value, $username=0) { - + + if (!has_preference_access(get_preference_name($preference_id))) { + return false; + } + if (!$username) { $username = $this->username; } if (!conf('use_auth')) { $username = '-1'; } - $value = sql_escape($value); + $value = sql_escape($value); + $preference_id = sql_escape($preference_id); + $username = sql_escape($username); + $sql = "UPDATE user_preference SET value='$value' WHERE user='$username' AND preference='$preference_id'"; $db_results = @mysql_query($sql, dbh()); |