/**
* options.php - Change Password HTML page
*
- * @copyright © 2004-2007 The SquirrelMail Project Team
+ * @copyright 2004-2009 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
/* the form was submitted, go for it */
if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
+
+ // security check
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
/* perform basic checks */
$Messages = cpw_check_input();
}
}
-displayPageHeader($color, 'None');
+displayPageHeader($color);
do_hook('change_password_init', $null);
?>
?><tr><td>
<?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
+ <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
<table>
<tr>
<th align="right"><?php echo _("Current Password:")?></th>