Fixed broken highlighting form (missing security tokens) (#3381117)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14144 7612ce4b-ef26-0410-bec9-ea0150e637f0

diff --git a/src/options_highlight.php b/src/options_highlight.php
index 13a6d9915d869895be48e58a461219ebcd07153a..4362d4e43742ad1598a5fd2b35c8b0e9f8701bb5 100644 (file)
--- a/src/options_highlight.php
+++ b/src/options_highlight.php
@@ -32,7 +32,7 @@ sqGetGlobalVar('newcolor_input', $newcolor_input);
 sqGetGlobalVar('color_type', $color_type);
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
-sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
 
 /* end of get globals */
 
@@ -151,11 +151,13 @@ foreach($message_highlight_list as $index=>$rule) {
 
 $oTemplate->assign('current_rules', $rules);
 
+$token = sm_generate_security_token();
+
 $oTemplate->assign('add_rule', 'options_highlight.php?action=add');
 $oTemplate->assign('edit_rule', 'options_highlight.php?action=edit&theid=');
-$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&theid=');
-$oTemplate->assign('move_up', 'options_highlight.php?action=up&theid=');
-$oTemplate->assign('move_down', 'options_highlight.php?action=down&theid=');
+$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_up', 'options_highlight.php?action=up&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_down', 'options_highlight.php?action=down&smtoken=' . $token . '&theid=');
 
 $oTemplate->display('options_highlight_list.tpl');