Implemented security token system. (Secunia Advisory SA34627)

[squirrelmail.git] / functions / mailbox_display.php

diff --git a/functions/mailbox_display.php b/functions/mailbox_display.php
index e6e16d269e6a92b1a4c4f02a4b30028d407f8617..3b917b741ab322a450b8f5cfe7a08ce205b6afb4 100644 (file)
--- a/functions/mailbox_display.php
+++ b/functions/mailbox_display.php
@@ -1341,6 +1341,12 @@ function handleMessageListForm($imapConnection, &$aMailbox, $sButton='',
     $aUid = (isset($msg) && is_array($msg)) ? array_values($msg) : $aUid;
     if (count($aUid) && $sButton != 'expunge') {
 
+        // don't do anything to any messages until we have done security check
+        // FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
+        // FIXME: we might need to open this up to SQ_FORM instead, especially for plugins (?)
+        sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+        sm_validate_security_token($submitted_token, 3600, TRUE);
+
         // make sure message UIDs are sanitized (BIGINT)
         foreach ($aUid as $i => $uid)
            $aUid[$i] = (preg_match('/^[0-9]+$/', $uid) ? $uid : '0');