From 9dc866338aede131ece294b2dcd939d61a60d187 Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Sun, 16 Dec 2007 10:26:39 +0000
Subject: sync of fix to stable

---
 docs/CHANGELOG      | 1 +
 lib/preferences.php | 7 +++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docs/CHANGELOG b/docs/CHANGELOG
index d0ef2427..e5fbc2ec 100755
--- a/docs/CHANGELOG
+++ b/docs/CHANGELOG
@@ -4,6 +4,7 @@
 
 --------------------------------------------------------------------------
   v.3.4-Alpha4 
+	- Fixed potential issue with display on some preferences
 	- Added Length to Advanced Random and removed Minutes from methods 
 	- Added function exists check for session with redirect to /test.php
 		on failure
diff --git a/lib/preferences.php b/lib/preferences.php
index 45e12bbb..95062e37 100644
--- a/lib/preferences.php
+++ b/lib/preferences.php
@@ -112,7 +112,7 @@ function update_preference($user_id,$name,$pref_id,$value) {
 	} 
 	
 	/* Else make sure that the current users has the right to do this */
-	if (has_preference_access($name)) { 
+	if (Preference::has_access($name)) { 
 		$sql = "UPDATE `user_preference` SET `value`='$value' WHERE `preference`='$pref_id' AND `user`='$user_id'";
 		$db_results = Dba::query($sql);
 		return true;
@@ -159,10 +159,13 @@ function has_preference_access($name) {
  */
 function create_preference_input($name,$value) { 
 
+	// Escape it for output
+	$value = scrub_out($value); 
+
 	$len = strlen($value);
 	if ($len <= 1) { $len = 8; }
 
-	if (!has_preference_access($name)) { 
+	if (!Preference::has_access($name)) { 
 		if ($value == '1') { 
 			echo "Enabled";
 		}
-- 
cgit