sync of fix to stable

author: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-16 10:26:39 +0000
committer: Karl 'vollmerk' Vollmer <vollmer@ampache.org> 2007-12-16 10:26:39 +0000
commit: 9dc866338aede131ece294b2dcd939d61a60d187 (patch)
tree: 87964f34bb602ed23940a2acb9ca4daad4129b29 /lib/preferences.php
parent: 02a401563b7f9a5f11c8664b621850c52204d7dd (diff)
download: ampache-9dc866338aede131ece294b2dcd939d61a60d187.tar.gz
ampache-9dc866338aede131ece294b2dcd939d61a60d187.tar.bz2
ampache-9dc866338aede131ece294b2dcd939d61a60d187.zip
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/preferences.php b/lib/preferences.php
index 45e12bbb..95062e37 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -112,7 +112,7 @@ function update_preference($user_id,$name,$pref_id,$value) {
 	} 
 	
 	/* Else make sure that the current users has the right to do this */
-	if (has_preference_access($name)) { 
+	if (Preference::has_access($name)) { 
 		$sql = "UPDATE `user_preference` SET `value`='$value' WHERE `preference`='$pref_id' AND `user`='$user_id'";
 		$db_results = Dba::query($sql);
 		return true;
@@ -159,10 +159,13 @@ function has_preference_access($name) {
  */
 function create_preference_input($name,$value) { 
 
+	// Escape it for output
+	$value = scrub_out($value); 
+
 	$len = strlen($value);
 	if ($len <= 1) { $len = 8; }
 
-	if (!has_preference_access($name)) { 
+	if (!Preference::has_access($name)) { 
 		if ($value == '1') { 
 			echo "Enabled";
 		}
author	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-16 10:26:39 +0000
committer	Karl 'vollmerk' Vollmer <vollmer@ampache.org>	2007-12-16 10:26:39 +0000
commit	9dc866338aede131ece294b2dcd939d61a60d187 (patch)
tree	87964f34bb602ed23940a2acb9ca4daad4129b29 /lib/preferences.php
parent	02a401563b7f9a5f11c8664b621850c52204d7dd (diff)
download	ampache-9dc866338aede131ece294b2dcd939d61a60d187.tar.gz ampache-9dc866338aede131ece294b2dcd939d61a60d187.tar.bz2 ampache-9dc866338aede131ece294b2dcd939d61a60d187.zip