From e1ceb050e19c7574bca146a8da7047ee4ff456b5 Mon Sep 17 00:00:00 2001
From: Marius Burkard <m.burkard@pixcept.de>
Date: Sun, 10 Jul 2016 05:02:35 -0400
Subject: [PATCH] Merge branch 'stable-3.1'

---
 interface/web/tools/user_settings.php |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php
index 42e5559..ccf86ad 100644
--- a/interface/web/tools/user_settings.php
+++ b/interface/web/tools/user_settings.php
@@ -63,7 +63,7 @@
 		$app->tform->loadFormDef($tform_def_file);
 
 		// Importing ID
-		$this->id = $_SESSION['s']['user']['userid'];
+		$this->id = $app->functions->intval($_SESSION['s']['user']['userid']);
 		$_POST['id'] = $_SESSION['s']['user']['userid'];
 
 		if(count($_POST) > 1) {
@@ -86,8 +86,22 @@
 		if($_POST['passwort'] != $_POST['repeat_password']) {
 			$app->tform->errorMessage = $app->tform->lng('password_mismatch');
 		}
-		$_SESSION['s']['user']['language'] = $_POST['language'];
-		$_SESSION['s']['language'] = $_POST['language'];
+		if(preg_match('/[a-z]{2}/',$_POST['language'])) {
+			$_SESSION['s']['user']['language'] = $_POST['language'];
+			$_SESSION['s']['language'] = $_POST['language'];
+		} else {
+			$app->error('Invalid language.');
+		}
+	}
+	
+	function onAfterUpdate() {
+		global $app;
+		
+		if($_POST['passwort'] != '') {
+			$tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']);
+			$_SESSION['s']['user']['passwort'] = $tmp_user['passwort'];
+			unset($tmp_user);
+		}
 	}
 
 

--
Gitblit v1.9.1