+ // don't do anything to any messages until we have done security check
+ // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+