X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Fempty_trash.php;h=4c1099b284e829a9df80eb923143263b9fbecd6a;hb=3a634ed1d9902d54edf6921ee3c1b1c5e7b40db8;hp=67adce7bbda10d5a635bb42fd7ad60b6c39383f7;hpb=ebd2391cb0c5e3049870f90fa8a8b28707e9571a;p=squirrelmail.git

diff --git a/src/empty_trash.php b/src/empty_trash.php
index 67adce7b..4c1099b2 100644
--- a/src/empty_trash.php
+++ b/src/empty_trash.php
@@ -6,7 +6,7 @@
  * Handles deleting messages from the trash folder without
  * deleting subfolders.
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2016 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -30,7 +30,12 @@ sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 
 /* finished globals */
 
-$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
+// first do a security check
+sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, '');
+sm_validate_security_token($submitted_token, -1, TRUE);
+
+global $imap_stream_options; // in case not defined in config
+$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0, $imap_stream_options);
 
 $mailbox = $trash_folder;
 $boxes = sqimap_mailbox_list($imap_stream);