X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=src%2Foptions_identities.php;h=9032d1b8c6fcdc906eaf8eee351d4b1e34c73aed;hb=77a1e3d10b0fe8a81bd645e3797d425839592954;hp=33c5c7305d637b11f694902f5d3d6835de294636;hpb=b116fd78fe16a46736d204d8f81b558e2ea508f7;p=squirrelmail.git
diff --git a/src/options_identities.php b/src/options_identities.php
index 33c5c730..9032d1b8 100644
--- a/src/options_identities.php
+++ b/src/options_identities.php
@@ -5,7 +5,7 @@
  *
  * Display Identities Options
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2022 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -13,6 +13,9 @@
  * @since 1.1.3
  */
+/** This is the options_identities page */
+define('PAGE_NAME', 'options_identities');
+
 /**
  * Include the SquirrelMail initialization file.
  */
@@ -20,6 +23,7 @@ require('../include/init.php');
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
 /* make sure that page is not available when $edit_identity is false */
 if (!$edit_identity) {
@@ -34,10 +38,14 @@ if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
 sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
 sqgetGlobalVar('smaction', $smaction, SQ_POST);
 sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
 // First lets see if there are any actions to perform //
 if (!empty($smaction) && is_array($smaction)) {
+ // first do a security check
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
 $doaction = '';
 $identid = 0;
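Review bot: In the `@@ -34,10 +38,14 @@` hunk, `sm_validate_security_token($submitted_token, -1, TRUE);` passes two bare values whose meaning the diff does not show, and the added comment `// first do a security check` does not say which check this is. I would replace it with something like `// CSRF guard: reject the POST unless 'smtoken' is a valid security token` and add a line saying what `-1` selects for the token's validity period and that `TRUE` asks the helper to report the failure itself; that is how I read the helper, so confirm it against its definition. The check also runs only inside the `if (!empty($smaction) && is_array($smaction))` branch, whose body continues past the hunk, so any code outside that branch that acts on the posted `newidentities` or `return` values is not covered by the token. The form that posts to this page has to emit the `smtoken` field for the check to pass, and that part is not visible in this hunk.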
@@ -72,10 +80,10 @@ foreach ($identities as $key=>$ident) {
 $a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key);
 $a['New'] = false;
 $a['Default'] = $key==0;
- $a['FullName'] = htmlspecialchars($ident['full_name']);
- $a['Email'] = htmlspecialchars($ident['email_address']);
- $a['ReplyTo'] = htmlspecialchars($ident['reply_to']);
- $a['Signature'] = htmlspecialchars($ident['signature']);
+ $a['FullName'] = sm_encode_html_special_chars($ident['full_name']);
+ $a['Email'] = sm_encode_html_special_chars($ident['email_address']);
+ $a['ReplyTo'] = sm_encode_html_special_chars($ident['reply_to']);
+ $a['Signature'] = sm_encode_html_special_chars($ident['signature']);
 $i[$key] = $a;
 }
@@ -90,7 +98,8 @@ $a['Signature'] = '';
 $i[count($i)] = $a;
 //FIXME: NO HTML IN THE CORE
-echo '
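Review bot: In the `@@ -72,10 +80,10 @@` hunk the four identity fields are now encoded by `sm_encode_html_special_chars()`, whose quote flags and charset handling are not visible in this diff, and nothing at the call site records which output context the values are encoded for. Because `$a[...]` is encoded here rather than where it is printed, a short comment such as `// HTML-encoded here; the template must print these as-is, in element or double-quoted attribute context only` would make the contract explicit (adjust it if the wrapper also encodes single quotes). The `foreach` body starts before the hunk and the template that consumes `$i` is outside it, so double encoding or a single-quoted attribute downstream cannot be ruled out from here.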