From f3ec6dd53b15c3d36a929cef87514daa116a3224 Mon Sep 17 00:00:00 2001
From: "Fedor A. Fetisov" <faf@ossg.ru>
Date: Fri, 7 Mar 2014 16:50:25 +0400
Subject: [PATCH] Prevent low level system settings from being stored in the
 database (see Issue #22)

---
 src/mibew/install/index.php | 17 +++++++++++++++++
 src/mibew/libs/common.php   |  9 ++++++++-
 src/mibew/libs/settings.php |  9 ++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)

diff --git a/src/mibew/install/index.php b/src/mibew/install/index.php
index 02eeaa48..c69479c4 100644
--- a/src/mibew/install/index.php
+++ b/src/mibew/install/index.php
@@ -252,6 +252,18 @@ function check_admin($link)
 	return false;
 }
 
+function remove_low_level_settings($link)
+{
+	global $mysqlprefix, $low_level_settings;
+	foreach ($low_level_settings as $key) {
+		if (!mysql_query("delete from ${mysqlprefix}chatconfig where vckey = '" . mysql_real_escape_string($key, $link) . "'", $link)) {
+			$errors[] = "Unable to remove low level setting " . htmlspecialchars($key) . " from the database. Error: " . mysql_error($link);
+			return false;
+		}
+	}
+	return true;
+}
+
 function check_status()
 {
 	global $page, $mibewroot, $settings, $dbversion;
@@ -286,6 +298,11 @@ function check_status()
 		return;
 	}
 
+	if (!remove_low_level_settings($link)) {
+		mysql_close($link);
+		return;
+	}
+
 	check_sound();
 
 	$page['done'][] = getlocal("installed.message");
diff --git a/src/mibew/libs/common.php b/src/mibew/libs/common.php
index d26c102d..2d046317 100644
--- a/src/mibew/libs/common.php
+++ b/src/mibew/libs/common.php
@@ -631,7 +631,7 @@ function date_to_text($unixtime)
 	return strftime($date_format . " " . getlocal("time.timeformat"), $unixtime);
 }
 
-$dbversion = '1.6.6';
+$dbversion = '1.6.10';
 $featuresversion = '1.6.6';
 
 $settings = array(
@@ -675,6 +675,13 @@ $settings = array(
 	'updatefrequency_oldchat' => 7,
 );
 $settingsloaded = false;
+
+// List of low level settings that can't be changed from the UI
+$low_level_settings = array(
+    'left_messages_locale',
+    'max_uploaded_file_size'
+);
+
 $settings_in_db = array();
 
 function loadsettings_($link)
diff --git a/src/mibew/libs/settings.php b/src/mibew/libs/settings.php
index 69489d38..0fd3129c 100644
--- a/src/mibew/libs/settings.php
+++ b/src/mibew/libs/settings.php
@@ -17,9 +17,16 @@
 
 function update_settings()
 {
-	global $settings, $settings_in_db, $mysqlprefix;
+	global $settings, $settings_in_db, $low_level_settings, $mysqlprefix;
 	$link = connect();
 	foreach ($settings as $key => $value) {
+
+// Don't store low level settings in the database to prevent them from being
+// unchangeable
+		if (in_array($key, $low_level_settings)) {
+			continue;
+		}
+
 		if (!isset($settings_in_db[$key])) {
 			perform_query("insert into ${mysqlprefix}chatconfig (vckey) values ('" . mysql_real_escape_string($key, $link) . "')", $link);
 		}