*
* Manage personal address book.
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/** lets get the global vars we may need */
/* From the address form */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
sqgetGlobalVar('addaddr', $addaddr, SQ_POST);
sqgetGlobalVar('editaddr', $editaddr, SQ_POST);
sqgetGlobalVar('deladdr', $deladdr, SQ_POST);
/* Handle user's actions */
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
/**************************************************
* Add new address *
**************************************************/
if (!$r) {
/* Remove backend name from error string */
$errstr = $abook->error;
- $errstr = ereg_replace('^\[.*\] *', '', $errstr);
+ $errstr = preg_replace('/^\[.*\] */', '', $errstr);
$formerror = $errstr;
$showaddrlist = false;