X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Foptions.php;h=b1d44e1f2325f94e1a45d2a03b1c99699ab826fd;hb=2f617223e0e2742d2d9377aadedd3737b3256430;hp=383c3d54bf2de14d197c149e128a45f1367f834a;hpb=9669833431103d4467075c4fbe59ba26238a657d;p=squirrelmail.git
diff --git a/src/options.php b/src/options.php
index 383c3d54..b1d44e1f 100644
--- a/src/options.php
+++ b/src/options.php
@@ -6,7 +6,7 @@
* Displays the options page. Pulls from proper user preference files
* and config.php. Displays preferences as selected and other options.
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
@@ -103,8 +103,9 @@ function process_optionmode_link($optpage) {
/* get the globals that we may need */
sqgetGlobalVar('optpage', $optpage);
-sqgetGlobalVar('optmode', $optmode, SQ_FORM);
-sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST);
+sqgetGlobalVar('optmode', $optmode, SQ_FORM);
+sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
/* end of getting globals */
/* Make sure we have an Option Page set. Default to main. */
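Review bot: The added `sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '')` line reads the token with SQ_FORM, which presumably accepts it from the query string as well as the POST body, as for `optmode` on the line above. A token carried in a URL can end up in server logs, browser history and Referer headers, whereas the option form is submitted with `post` (last hunk) and `optpage_data` is already restricted to SQ_POST. Unless link-mode requests are meant to carry the token as well, I would read it from the body only: `sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');`.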
@@ -199,6 +200,12 @@ if ( !@is_file( $optpage_file ) ) {
/*** Next, process anything that needs to be processed. ***/
/***********************************************************/
+// security check before saving anything...
+//FIXME: what about SMOPT_MODE_LINK??
+if ($optmode == SMOPT_MODE_SUBMIT) {
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+}
+
$optpage_save_error=array();
if ( isset( $optpage_data ) ) {
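Review bot: The token check is gated on `$optmode == SMOPT_MODE_SUBMIT`, a request-supplied value, while the processing that follows starts at `if ( isset( $optpage_data ) )`. That block's body is outside the hunk, so I cannot see whether it re-checks the mode before saving. The FIXME already names the gap: if the SMOPT_MODE_LINK path (process_optionmode_link, in an earlier hunk header) changes any preference, it is still unprotected against cross-site requests after this commit. Once those links carry the token, the guard should cover both modes, `if ($optmode == SMOPT_MODE_SUBMIT || $optmode == SMOPT_MODE_LINK) {`, or better, sit directly in front of each code path that writes preferences. The bare `3600` and `TRUE` arguments also deserve a comment such as `// reject tokens older than one hour; TRUE = show the error and stop`, with the wording confirmed against sm_validate_security_token.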
@@ -291,7 +298,8 @@ if ($optpage == SMOPT_PAGE_MAIN) {
$notice.= "\n" . _("Some of your preference changes were not applied.") . "\n";
} else {
/* Display a message indicating a successful save. */
- $notice = _("Successfully Saved Options") . ": $optpage_name
\n";
+ // i18n: The %s represents the name of the option page saving the options
+ $notice = sprintf(_("Successfully Saved Options: %s"), $optpage_name) . "
\n";
}
/* If $max_refresh != SMOPT_REFRESH_NONE, provide a refresh link. */
@@ -463,7 +471,7 @@ if ($optpage == SMOPT_PAGE_MAIN) {
}
// Begin output form
- echo addForm('options.php', 'post', 'option_form')
+ echo addForm('options.php', 'post', 'option_form', '', '', array(), TRUE)
. create_optpage_element($optpage)
. create_optmode_element(SMOPT_MODE_SUBMIT);