Fix for security token missing in newmail plugin (#2919418).

[squirrelmail.git] / plugins / change_password / functions.php

diff --git a/plugins/change_password/functions.php b/plugins/change_password/functions.php
index 9e180f6f0f8c841e6577452069b79ece3a45c9d8..1e511274c4f710fce3621f395350c55c6ef150bd 100644 (file)
--- a/plugins/change_password/functions.php
+++ b/plugins/change_password/functions.php
@@ -3,7 +3,7 @@
 /**
  * functions.php - Change Password plugin
  *
- * @copyright © 2003-2006 The SquirrelMail Project Team
+ * @copyright 2003-2009 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
@@ -101,11 +101,11 @@ function cpw_do_change()
     $onetimepad = OneTimePadCreate(strlen($newpw));
     sqsession_register($onetimepad,'onetimepad');
     $key = OneTimePadEncrypt($newpw, $onetimepad);
-    setcookie('key', $key, 0, $base_uri);
+    sqsetcookie('key', $key, 0, $base_uri);
 
     /* make sure we write the session data before we redirect */
     session_write_close();
-    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1');
+    header('Location: '.SM_PATH. 'src/options.php?optmode=submit&optpage=change_password&plugin_change_password=1&smtoken=' . sm_generate_security_token());
     exit;
 }