X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fchange_password%2Foptions.php;h=0b4946543384fbfc261f3592de775c18605b5952;hb=79ba18dc89b1b096ecdf0b77169d57e0caf661db;hp=3a9d69c20a559b5aaea1085b365df5a91d14b201;hpb=ebf9211b46d097c8ff4e8b6f6ab8c3a2c12731fd;p=squirrelmail.git
diff --git a/plugins/change_password/options.php b/plugins/change_password/options.php
index 3a9d69c2..0b494654 100644
--- a/plugins/change_password/options.php
+++ b/plugins/change_password/options.php
@@ -3,24 +3,50 @@
 /**
 * options.php - Change Password HTML page
 *
- * Copyright (c) 2004-2005 The SquirrelMail Project Team
- * Licensed under the GNU GPL. For full terms see the file COPYING.
- *
+ * @copyright 2004-2013 The SquirrelMail Project Team
+ * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package plugins
 * @subpackage change_password
 */
-/** @ignore */
-define('SM_PATH','../../');
+/**
+ * Include the SquirrelMail initialization file.
+ */
+require('../../include/init.php');
+
+include_once (SM_PATH . 'plugins/change_password/functions.php');
+include_once (SM_PATH . 'functions/forms.php');
-require_once (SM_PATH . 'include/validate.php');
-require_once (SM_PATH . 'functions/page_header.php');
-require_once (SM_PATH . 'plugins/change_password/functions.php');
-require_once (SM_PATH . 'plugins/change_password/config.php');
-require_once (SM_PATH . 'functions/forms.php');
+/** load default config */
+if (file_exists(SM_PATH . 'plugins/change_password/config_default.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config_default.php');
+} else {
+ // somebody decided to remove default config
+ $cpw_backend = 'template';
+ $cpw_pass_min_length = 4;
+ $cpw_pass_max_length = 25;
+ $cpw_require_ssl = FALSE;
+}
-// you must load backend configuration here in order to get working change_password_init hook.
+/**
+ * prevent possible corruption of configuration overrides in
+ * register_globals=on and preloaded php scripts.
+ */
+$cpw_ldap=array();
+$cpw_merak=array();
+$cpw_mysql=array();
+$cpw_poppassd=array();
+$cpw_vmailmgrd=array();
+
+/** load site config */
+if (file_exists(SM_PATH . 'config/change_password_config.php')) {
+ include_once (SM_PATH . 'config/change_password_config.php');
+} elseif (file_exists(SM_PATH . 'plugins/change_password/config.php')) {
+ include_once (SM_PATH . 'plugins/change_password/config.php');
+}
+
+// must load backend libraries here in order to get working change_password_init hook.
 if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php')) {
 include_once(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php');
 }
@@ -28,6 +54,10 @@ if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php'
 /* the form was submitted, go for it */
 if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
+ // security check
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
 /* perform basic checks */
 $Messages = cpw_check_input();
@@ -37,27 +67,28 @@ if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) { } } -displayPageHeader($color, 'None'); +displayPageHeader($color); -do_hook('change_password_init'); +do_hook('change_password_init', $null); ?>
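Review bot: The register_globals guard in the first hunk resets only the five `$cpw_*` arrays, while `$cpw_backend` keeps whatever the config files assign and is then concatenated straight into the `include_once` path at the end of the hunk. Because the defaults are loaded with `include_once`, a config_default.php that was already pulled in elsewhere in the request would presumably be skipped here and leave the scalars unassigned, which is the same preloading case the new comment says it guards against. I would constrain the name before the path is built, e.g. `if (empty($cpw_backend) || !preg_match('/^[A-Za-z0-9_]+$/', $cpw_backend)) { $cpw_backend = 'template'; }`. The fallback branch also settles on `$cpw_pass_min_length = 4` and `$cpw_require_ssl = FALSE`, so a missing default config silently yields the weakest policy; a comment stating that this is deliberate, or stricter fallback values, would help.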
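Review bot: The return value of `sm_validate_security_token()` is discarded in the second hunk, so a bad token only blocks the password change if the helper itself stops the request when its third argument is TRUE. That helper is defined outside this diff, so the call site should say what it relies on, e.g. `// halts with an error page on an invalid token ($show_error = TRUE)`. The second argument `-1` deserves a comment as well: if it selects unlimited re-use of a token rather than single use, a password-change form is a place where the stricter setting is worth considering. The form markup is not legible on this page, so confirm it emits a matching `smtoken` field; the enclosing `if(sqgetGlobalVar('cpw_go', ...))` block closes outside this hunk.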
0) { echo "\n"; } ?> -
-
+
\n"; foreach ($Messages as $line) { - echo htmlspecialchars($line) . "
\n"; + echo sm_encode_html_special_chars($line) . "
\n"; } echo "
+ @@ -78,5 +109,5 @@ if (isset($Messages) && count($Messages) > 0) {
- \ No newline at end of file + +