Implemented security token system. (Secunia Advisory SA34627)

[squirrelmail.git] / src / addressbook.php

diff --git a/src/addressbook.php b/src/addressbook.php
index 0abf138bbf3e31acece815b82e97e7b925c494ef..24e1fc7f9ac9cdbb9e294d821c959feb18297123 100644 (file)
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -31,6 +31,7 @@ require_once(SM_PATH . 'functions/forms.php');
 /** lets get the global vars we may need */
 
 /* From the address form */
+sqgetGlobalVar('smtoken',       $submitted_token, SQ_POST, '');
 sqgetGlobalVar('addaddr',       $addaddr,       SQ_POST);
 sqgetGlobalVar('editaddr',      $editaddr,      SQ_POST);
 sqgetGlobalVar('deladdr',       $deladdr,       SQ_POST);
@@ -97,6 +98,9 @@ $form_url = 'addressbook.php';
 /* Handle user's actions */
 if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
+    // first, validate security token
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     /**************************************************
      * Add new address                                *
      **************************************************/