From 04dc606831319f588e9c16a04dc17daeae1a262f Mon Sep 17 00:00:00 2001
From: FusionPBX <markjcrane@gmail.com>
Date: Sat, 13 May 2023 14:05:41 -0600
Subject: [PATCH] Update user_settings.php

---
 core/user_settings/user_settings.php | 74 +++++++++++++++++-----------
 1 file changed, 45 insertions(+), 29 deletions(-)

diff --git a/core/user_settings/user_settings.php b/core/user_settings/user_settings.php
index e72f08b58e..7f9e2a6870 100644
--- a/core/user_settings/user_settings.php
+++ b/core/user_settings/user_settings.php
@@ -43,13 +43,13 @@
 	}
 
 //get the http post data
-	if ($_POST['action'] != '') {
-		$action = $_POST['action'];
-		$user_uuid = $_POST['user_uuid'];
-		$user_settings = $_POST['user_settings'];
+	if (!empty($_POST['action'])) {
+		$action = $_POST['action'] ?? '';
+		$user_uuid = $_POST['user_uuid'] ?? '';
+		$user_settings = $_POST['user_settings'] ?? '';
 
 		//process the http post data by action
-			if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+			if (!empty($user_settings)) {
 				switch ($action) {
 					case 'toggle':
 						if (permission_exists('user_setting_edit')) {
@@ -78,7 +78,7 @@
 	if (
 		is_uuid($_REQUEST["user_id"]) &&
 		is_array($_REQUEST["id"]) &&
-		sizeof($_REQUEST["id"]) == 1 &&
+		!empty($_REQUEST["id"]) &&
 		($_REQUEST['enabled'] === 'true' || $_REQUEST['enabled'] === 'false')
 		) {
 
@@ -103,27 +103,37 @@
 */
 
 //get the variables
-	$order_by = $_GET["order_by"];
-	$order = $_GET["order"];
+	$order_by = $_GET["order_by"] ?? '';
+	$order = $_GET["order"] ?? '';
 
-//common sql where
-	$sql_where = "where user_uuid = :user_uuid ";
-	$sql_where .= "and not ( ";
-	$sql_where .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') ";
-	$sql_where .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') ";
-	$sql_where .= ") ";
-	$parameters['user_uuid'] = $user_uuid;
+//set from session variables
+	$list_row_edit_button = !empty($_SESSION['theme']['list_row_edit_button']['boolean']) ? $_SESSION['theme']['list_row_edit_button']['boolean'] : 'false';
+	$button_icon_back = !empty($_SESSION['theme']['button_icon_back']) ? $_SESSION['theme']['button_icon_back'] : '';
+	$button_icon_add = !empty($_SESSION['theme']['button_icon_add']) ? $_SESSION['theme']['button_icon_add'] : '';
+	$button_icon_copy = !empty($_SESSION['theme']['button_icon_copy']) ? $_SESSION['theme']['button_icon_copy'] : '';
+	$button_icon_toggle = !empty($_SESSION['theme']['button_icon_toggle']) ? $_SESSION['theme']['button_icon_toggle'] : '';
+	$button_icon_all = !empty($_SESSION['theme']['button_icon_all']) ? $_SESSION['theme']['button_icon_all'] : '';
+	$button_icon_delete = !empty($_SESSION['theme']['button_icon_delete']) ? $_SESSION['theme']['button_icon_delete'] : '';
+	$button_icon_search = !empty($_SESSION['theme']['button_icon_search']) ? $_SESSION['theme']['button_icon_search'] : '';
+	$button_icon_edit = !empty($_SESSION['theme']['button_icon_edit']) ? $_SESSION['theme']['button_icon_edit'] : '';
+	$button_icon_reset = !empty($_SESSION['theme']['button_icon_reset']) ? $_SESSION['theme']['button_icon_reset'] : '';
 
 //prepare to page the results
 	$sql = "select count(*) from v_user_settings ";
-	$sql .= $sql_where;
+	$sql .= "where user_uuid = :user_uuid ";
+	$sql .= "and not ( ";
+	$sql .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') ";
+	$sql .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') ";
+	$sql .= ") ";
+	$parameters['user_uuid'] = $user_uuid;
 	$database = new database;
 	$num_rows = $database->select($sql, $parameters, 'column');
 	unset($sql);
 
 //prepare to page the results
-	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 100;
-	$param = "";
+	$rows_per_page = (!empty($_SESSION['domain']['paging']['numeric'])) ? $_SESSION['domain']['paging']['numeric'] : 100;
+	$param = '';
+	$paging_controls = '';
 	if (isset($_GET['page'])) {
 		$page = $_GET['page'];
 		if (empty($page)) { $page = 0; $_GET['page'] = 0; }
@@ -137,14 +147,19 @@
 //get the list
 	$sql = "select user_setting_uuid, user_uuid, user_setting_category, user_setting_subcategory, user_setting_name, user_setting_value, cast(user_setting_enabled as text), user_setting_description ";
 	$sql .= "from v_user_settings ";
-	$sql .= $sql_where;
-	if ($order_by == '') {
+	$sql .= "where user_uuid = :user_uuid ";
+	$sql .= "and not ( ";
+	$sql .= "(user_setting_category = 'domain' and user_setting_subcategory = 'language') ";
+	$sql .= "or (user_setting_category = 'domain' and user_setting_subcategory = 'time_zone') ";
+	$sql .= ") ";
+	if (!empty($order_by)) {
 		$sql .= "order by user_setting_category, user_setting_subcategory, user_setting_order asc ";
 	}
 	else {
 		$sql .= order_by($order_by, $order);
 	}
 	$sql .= limit_offset($rows_per_page, $offset);
+	$parameters['user_uuid'] = $user_uuid;
 	$database = new database;
 	$user_settings = $database->select($sql, $parameters, 'all');
 	unset($sql, $sql_where, $parameters);
@@ -157,15 +172,15 @@
 	echo "<div class='action_bar' id='action_bar_sub'>\n";
 	echo "	<div class='heading'><b id='heading_sub'>".$text['header-user_settings']."</b></div>\n";
 	echo "	<div class='actions'>\n";
-	echo button::create(['type'=>'button','id'=>'action_bar_sub_button_back','label'=>$text['button-back'],'icon'=>$_SESSION['theme']['button_icon_back'],'style'=>'margin-right: 15px; display: none;','link'=>'users.php']);
+	echo button::create(['type'=>'button','id'=>'action_bar_sub_button_back','label'=>$text['button-back'],'icon'=>$button_icon_back,'style'=>'margin-right: 15px; display: none;','link'=>'users.php']);
 	if (permission_exists('user_setting_add')) {
-		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>PROJECT_PATH.'/core/user_settings/user_setting_edit.php?user_uuid='.urlencode($_GET['id'])]);
+		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$button_icon_add,'id'=>'btn_add','link'=>PROJECT_PATH.'/core/user_settings/user_setting_edit.php?user_uuid='.urlencode($_GET['id'])]);
 	}
 	if (permission_exists('user_setting_edit') && $user_settings) {
-		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'name'=>'btn_toggle','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);
+		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$button_icon_toggle,'name'=>'btn_toggle','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);
 	}
 	if (permission_exists('user_setting_delete') && $user_settings) {
-		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'name'=>'btn_delete','onclick'=>"modal_open('modal-delete','btn_delete');"]);
+		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$button_icon_delete,'name'=>'btn_delete','onclick'=>"modal_open('modal-delete','btn_delete');"]);
 	}
 	echo "	</div>\n";
 	echo "	<div style='clear: both;'></div>\n";
@@ -186,7 +201,8 @@
 	echo "<input type='hidden' name='user_uuid' value='".$user_uuid."'>\n";
 
 	echo "<table class='list'>\n";
-	if (is_array($user_settings) && @sizeof($user_settings) != 0) {
+	if (!empty($user_settings)) {
+		$previous_user_setting_category = '';
 		$x = 0;
 		foreach ($user_settings as $row) {
 			$user_setting_category = strtolower($row['user_setting_category']);
@@ -223,7 +239,7 @@
 				echo "<th class='pct-30'>".$text['label-value']."</th>";
 				echo "<th class='center'>".$text['label-enabled']."</th>";
 				echo "<th class='pct-25 hide-sm-dn'>".$text['label-description']."</th>";
-				if (permission_exists('user_setting_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
+				if (permission_exists('user_setting_edit') && $list_row_edit_button == 'true') {
 					echo "	<td class='action-button'>&nbsp;</td>\n";
 				}
 				echo "</tr>\n";
@@ -258,7 +274,7 @@
 				$parameters['menu_uuid'] = $row['user_setting_value'];
 				$database = new database;
 				$sub_result = $database->select($sql, $parameters, 'all');
-				if (is_array($sub_result) && sizeof($sub_result) != 0) {
+				if (!empty($sub_result)) {
 					foreach ($sub_result as &$sub_row) {
 						echo escape($sub_row["menu_language"])." - ".escape($sub_row["menu_name"])."\n";
 					}
@@ -336,9 +352,9 @@
 			}
 			echo "	</td>\n";
 			echo "	<td class='description overflow hide-sm-dn' title=\"".escape($row['user_setting_description'])."\">".escape($row['user_setting_description'])."&nbsp;</td>\n";
-			if (permission_exists('user_setting_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') {
+			if (permission_exists('user_setting_edit') && $list_row_edit_button == 'true') {
 				echo "	<td class='action-button'>\n";
-				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
+				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$button_icon_edit,'link'=>$list_row_url]);
 				echo "	</td>\n";
 			}
 			echo "</tr>\n";