X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Foptions.php;h=b1d44e1f2325f94e1a45d2a03b1c99699ab826fd;hb=2f617223e0e2742d2d9377aadedd3737b3256430;hp=383c3d54bf2de14d197c149e128a45f1367f834a;hpb=9669833431103d4467075c4fbe59ba26238a657d;p=squirrelmail.git diff --git a/src/options.php b/src/options.php index 383c3d54..b1d44e1f 100644 --- a/src/options.php +++ b/src/options.php @@ -6,7 +6,7 @@ * Displays the options page. Pulls from proper user preference files * and config.php. Displays preferences as selected and other options. * - * @copyright © 1999-2007 The SquirrelMail Project Team + * @copyright 1999-2011 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -103,8 +103,9 @@ function process_optionmode_link($optpage) { /* get the globals that we may need */ sqgetGlobalVar('optpage', $optpage); -sqgetGlobalVar('optmode', $optmode, SQ_FORM); -sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST); +sqgetGlobalVar('optmode', $optmode, SQ_FORM); +sqgetGlobalVar('optpage_data',$optpage_data, SQ_POST); +sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, ''); /* end of getting globals */ /* Make sure we have an Option Page set. Default to main. */ @@ -199,6 +200,12 @@ if ( !@is_file( $optpage_file ) ) { /*** Next, process anything that needs to be processed. ***/ /***********************************************************/ +// security check before saving anything... +//FIXME: what about SMOPT_MODE_LINK?? +if ($optmode == SMOPT_MODE_SUBMIT) { + sm_validate_security_token($submitted_token, 3600, TRUE); +} + $optpage_save_error=array(); if ( isset( $optpage_data ) ) { @@ -291,7 +298,8 @@ if ($optpage == SMOPT_PAGE_MAIN) { $notice.= "\n" . _("Some of your preference changes were not applied.") . "\n"; } else { /* Display a message indicating a successful save. */ - $notice = _("Successfully Saved Options") . ": $optpage_name
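Review bot: The added `sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '')` line reads the token with SQ_FORM, while the `optpage_data` line next to it is restricted to SQ_POST. As far as I know SQ_FORM also accepts query-string values, so a token placed in a URL would be honoured and could then leak through browser history, proxy logs or Referer headers. Since the options form in this file is submitted with `post`, `sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');` would keep the token in the request body. If SQ_FORM is kept on purpose, for instance so that link-mode requests can carry a token later, a one-line comment saying so would help.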
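Review bot: The token check runs only when `$optmode == SMOPT_MODE_SUBMIT`, but the processing block right after it is entered on `isset( $optpage_data )`, and the FIXME in this hunk already notes that SMOPT_MODE_LINK is not covered. What that block does for each mode lies outside the hunk, but if any non-submit mode changes stored preferences, a forged request using that mode skips validation entirely. The FIXME should be resolved before this ships: either validate for link mode as well (which needs the token added to those links) or replace it with a comment explaining why link mode has no side effects. Because `$optmode` comes from the request, `===` is also safer than `==` here, assuming SMOPT_MODE_SUBMIT is a string constant. The meaning of `3600` and `TRUE` in `sm_validate_security_token($submitted_token, 3600, TRUE)` deserves a short comment too.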
\n"; + // i18n: The %s represents the name of the option page saving the options + $notice = sprintf(_("Successfully Saved Options: %s"), $optpage_name) . "
\n"; } /* If $max_refresh != SMOPT_REFRESH_NONE, provide a refresh link. */ @@ -463,7 +471,7 @@ if ($optpage == SMOPT_PAGE_MAIN) { } // Begin output form - echo addForm('options.php', 'post', 'option_form') + echo addForm('options.php', 'post', 'option_form', '', '', array(), TRUE) . create_optpage_element($optpage) . create_optmode_element(SMOPT_MODE_SUBMIT);
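Review bot: The new `addForm('options.php', 'post', 'option_form', '', '', array(), TRUE)` call passes three filler arguments only to reach a trailing positional `TRUE`, and nothing at the call site says what that flag does. Presumably it makes addForm emit the hidden token field that the new `smtoken` lookup reads, but addForm's signature is not visible here, so that should be confirmed. A comment above the call such as `// last argument TRUE: include the security token field checked on submit` would make the link to the validation explicit. It would also make it harder for a later edit to drop the flag and silently break or disable the check.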