X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fchange_password%2Foptions.php;h=0b4946543384fbfc261f3592de775c18605b5952;hb=79ba18dc89b1b096ecdf0b77169d57e0caf661db;hp=3a9d69c20a559b5aaea1085b365df5a91d14b201;hpb=ebf9211b46d097c8ff4e8b6f6ab8c3a2c12731fd;p=squirrelmail.git
diff --git a/plugins/change_password/options.php b/plugins/change_password/options.php
index 3a9d69c2..0b494654 100644
--- a/plugins/change_password/options.php
+++ b/plugins/change_password/options.php
@@ -3,24 +3,50 @@
/**
* options.php - Change Password HTML page
*
- * Copyright (c) 2004-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
+ * @copyright 2004-2013 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
* @subpackage change_password
*/
-/** @ignore */
-define('SM_PATH','../../');
+/**
+ * Include the SquirrelMail initialization file.
+ */
+require('../../include/init.php');
+
+include_once (SM_PATH . 'plugins/change_password/functions.php');
+include_once (SM_PATH . 'functions/forms.php');
-require_once (SM_PATH . 'include/validate.php');
-require_once (SM_PATH . 'functions/page_header.php');
-require_once (SM_PATH . 'plugins/change_password/functions.php');
-require_once (SM_PATH . 'plugins/change_password/config.php');
-require_once (SM_PATH . 'functions/forms.php');
+/** load default config */
+if (file_exists(SM_PATH . 'plugins/change_password/config_default.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config_default.php');
+} else {
+ // somebody decided to remove default config
+ $cpw_backend = 'template';
+ $cpw_pass_min_length = 4;
+ $cpw_pass_max_length = 25;
+ $cpw_require_ssl = FALSE;
+}
-// you must load backend configuration here in order to get working change_password_init hook.
+/**
+ * prevent possible corruption of configuration overrides in
+ * register_globals=on and preloaded php scripts.
+ */
+$cpw_ldap=array();
+$cpw_merak=array();
+$cpw_mysql=array();
+$cpw_poppassd=array();
+$cpw_vmailmgrd=array();
+
+/** load site config */
+if (file_exists(SM_PATH . 'config/change_password_config.php')) {
+ include_once (SM_PATH . 'config/change_password_config.php');
+} elseif (file_exists(SM_PATH . 'plugins/change_password/config.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config.php');
+}
+
+// must load backend libraries here in order to get working change_password_init hook.
if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php')) {
include_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
}
@@ -28,6 +54,10 @@ if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php'
/* the form was submitted, go for it */
if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
+ // security check
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
/* perform basic checks */
$Messages = cpw_check_input();
@@ -37,27 +67,28 @@ if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
}
}
-displayPageHeader($color, 'None');
+displayPageHeader($color);
-do_hook('change_password_init');
+do_hook('change_password_init', $null);
?>
- | 0) {
echo "|
\n";
foreach ($Messages as $line) {
- echo htmlspecialchars($line) . " \n"; + echo sm_encode_html_special_chars($line) . " \n"; } echo " | |
+
|