X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;ds=sidebyside;f=src%2Faddressbook.php;h=4ce0d5b6ab3024e03b17227c5cc5fd1533a56a5e;hb=316c380a2f5f3495fc8f95f304514d4082b0aa8b;hp=75a337a1e34be6df6e681c47567fd66ab6edf862;hpb=c0d968010e710870fdfee2f22d7cc9fad370c7a9;p=squirrelmail.git

diff --git a/src/addressbook.php b/src/addressbook.php
index 75a337a1..4ce0d5b6 100644
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -5,7 +5,7 @@
  *
  * Manage personal address book.
  *
- * @copyright 1999-2012 The SquirrelMail Project Team
+ * @copyright 1999-2013 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -99,7 +99,7 @@ $form_url = 'addressbook.php';
 if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
     // first, validate security token
-    sm_validate_security_token($submitted_token, 3600, TRUE);
+    sm_validate_security_token($submitted_token, -1, TRUE);
 
     /**************************************************
      * Add new address                                *
@@ -233,7 +233,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
                         $olddata = $abook->lookup($enick, $ebackend);
                         // Test if $olddata really contains anything and return an error message if it doesn't
                         if (!$olddata) {
-                            error_box(nl2br(htmlspecialchars($abook->error)));
+                            error_box(nl2br(sm_encode_html_special_chars($abook->error)));
                         } else {
                             /* Display the "new address" form */
                             echo abook_create_form($form_url, 'editaddr',
@@ -255,7 +255,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
                     /* Handle error messages */
                     if (!$r) {
                         /* Display error */
-                        plain_error_message( nl2br(htmlspecialchars($abook->error)));
+                        plain_error_message( nl2br(sm_encode_html_special_chars($abook->error)));
 
                         /* Display the "new address" form again */
                         echo abook_create_form($form_url, 'editaddr',
@@ -299,7 +299,7 @@ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'P
 
 /* Display error messages */
 if (!empty($formerror)) {
-    plain_error_message(nl2br(htmlspecialchars($formerror)));
+    plain_error_message(nl2br(sm_encode_html_special_chars($formerror)));
 }
 
 
@@ -326,7 +326,7 @@ while (list($k, $backend) = each ($abook->backends)) {
             $addresses[$backend->bnum] = $a;
         } else {
             // list_addr() returns boolean
-            plain_error_message(nl2br(htmlspecialchars($abook->error)));
+            plain_error_message(nl2br(sm_encode_html_special_chars($abook->error)));
         }
     } else {
         $addresses[$backend->bnum] = $a;