Don't push out onsubmit handler unless necessary

[squirrelmail.git] / src / addressbook.php

diff --git a/src/addressbook.php b/src/addressbook.php
index 46c989ad2694d54c83cef589fe3aa4c30e7b4d43..255c64d1293563b7efd2cdd60084bc4e00af6265 100644 (file)
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -5,7 +5,7 @@
  *
  * Manage personal address book.
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -31,6 +31,7 @@ require_once(SM_PATH . 'functions/forms.php');
 /** lets get the global vars we may need */
 
 /* From the address form */
+sqgetGlobalVar('smtoken',       $submitted_token, SQ_POST, '');
 sqgetGlobalVar('addaddr',       $addaddr,       SQ_POST);
 sqgetGlobalVar('editaddr',      $editaddr,      SQ_POST);
 sqgetGlobalVar('deladdr',       $deladdr,       SQ_POST);
@@ -97,6 +98,9 @@ $form_url = 'addressbook.php';
 /* Handle user's actions */
 if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
+    // first, validate security token
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     /**************************************************
      * Add new address                                *
      **************************************************/
@@ -111,7 +115,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
         if (!$r) {
             /* Remove backend name from error string */
             $errstr = $abook->error;
-            $errstr = ereg_replace('^\[.*\] *', '', $errstr);
+            $errstr = preg_replace('/^\[.*\] */', '', $errstr);
 
             $formerror = $errstr;
             $showaddrlist = false;