Diffstat (limited to 'lib/class/user.class.php')
-rw-r--r--lib/class/user.class.php12
1 files changed, 10 insertions, 2 deletions
diff --git a/lib/class/user.class.php b/lib/class/user.class.php
index 9c8572af..fefca81f 100644
--- a/lib/class/user.class.php
+++ b/lib/class/user.class.php
@@ -248,6 +248,7 @@ class User {
/**
* update_preference
+ * //FIXME: Unused at this point, should be removed or used
* updates a single preference if the query fails
* it attempts to insert the preference instead
* @package User
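Review bot: The added `//FIXME:` line uses line-comment syntax inside a `/** */` docblock and sits between the `update_preference` name line and its description, so it will likely be read as part of the summary text rather than as a marker. A tag form such as `* @todo Unused at this point; remove it or wire up a caller`, placed with the other tags, keeps the description intact. The docblock starts and ends outside this hunk.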
@@ -255,14 +256,21 @@ class User {
* @todo Do a has_preference_access check
*/
function update_preference($preference_id, $value, $username=0) {
-
+
+ if (!has_preference_access(get_preference_name($preference_id))) {
+ return false;
+ }
+
if (!$username) {
$username = $this->username;
}
if (!conf('use_auth')) { $username = '-1'; }
- $value = sql_escape($value);
+ $value = sql_escape($value);
+ $preference_id = sql_escape($preference_id);
+ $username = sql_escape($username);
+
$sql = "UPDATE user_preference SET value='$value' WHERE user='$username' AND preference='$preference_id'";
$db_results = @mysql_query($sql, dbh());
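Review bot: The new guard at the top of update_preference passes the raw `$preference_id` to `get_preference_name()` before the `sql_escape()` call added further down, so if that helper builds a query from its argument (not visible here) the unescaped value still reaches the database. Normalising the id before the guard would cover both uses; if preference ids are numeric, `$preference_id = intval($preference_id);` as the first statement is stricter than escaping. The guard also appears to check the preference only, not whether the caller may write the row for an explicitly passed `$username`, which is worth confirming against has_preference_access. The docblock's `@todo Do a has_preference_access check` is now stale and can be dropped. The function body continues past the end of this hunk.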