From: pdontthink <pdontthink@7612ce4b-ef26-0410-bec9-ea0150e637f0>
Date: Sun, 11 Sep 2011 01:11:03 +0000 (+0000)
Subject: Fixed broken highlighting form (missing security tokens) (#3381117)
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=12ba9472f717849de39ad2648d2613f23a048077;p=squirrelmail.git

Fixed broken highlighting form (missing security tokens) (#3381117)

git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14144 7612ce4b-ef26-0410-bec9-ea0150e637f0
---

diff --git a/src/options_highlight.php b/src/options_highlight.php
index 13a6d991..4362d4e4 100644
--- a/src/options_highlight.php
+++ b/src/options_highlight.php
@@ -32,7 +32,7 @@ sqGetGlobalVar('newcolor_input', $newcolor_input);
 sqGetGlobalVar('color_type', $color_type);
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
-sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
 
 /* end of get globals */
 
@@ -151,11 +151,13 @@ foreach($message_highlight_list as $index=>$rule) {
 
 $oTemplate->assign('current_rules', $rules);
 
+$token = sm_generate_security_token();
+
 $oTemplate->assign('add_rule', 'options_highlight.php?action=add');
 $oTemplate->assign('edit_rule', 'options_highlight.php?action=edit&amp;theid=');
-$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&amp;theid=');
-$oTemplate->assign('move_up', 'options_highlight.php?action=up&amp;theid=');
-$oTemplate->assign('move_down', 'options_highlight.php?action=down&amp;theid=');
+$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&amp;smtoken=' . $token . '&amp;theid=');
+$oTemplate->assign('move_up', 'options_highlight.php?action=up&amp;smtoken=' . $token . '&amp;theid=');
+$oTemplate->assign('move_down', 'options_highlight.php?action=down&amp;smtoken=' . $token . '&amp;theid=');
 
 $oTemplate->display('options_highlight_list.tpl');