Happy New Year

[squirrelmail.git] / plugins / change_password / options.php

diff --git a/plugins/change_password/options.php b/plugins/change_password/options.php
index 901a096dd274d65a58ef170c32fcdca213e80847..84698631acb4f994beb006e93b0dc4557ce7536d 100644 (file)
--- a/plugins/change_password/options.php
+++ b/plugins/change_password/options.php
@@ -3,17 +3,18 @@
 /**
  * options.php - Change Password HTML page
  *
- * @copyright © 2004-2006 The SquirrelMail Project Team
+ * @copyright 2004-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package plugins
  * @subpackage change_password
  */
 
-/** @ignore */
-define('SM_PATH','../../');
+/**
+ * Include the SquirrelMail initialization file.
+ */
+require('../../include/init.php');
 
-include_once (SM_PATH . 'include/validate.php');
 include_once (SM_PATH . 'plugins/change_password/functions.php');
 include_once (SM_PATH . 'functions/forms.php');
 
@@ -53,11 +54,9 @@ if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php'
 /* the form was submitted, go for it */
 if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
 
-    // SM14 code: use change_password gettext domain binding for 1.4.x
-    if (! check_sm_version(1,5,0)) {
-        bindtextdomain('change_password',SM_PATH . 'locale');
-        textdomain('change_password');
-    }
+    // security check
+    sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+    sm_validate_security_token($submitted_token, -1, TRUE);
 
     /* perform basic checks */
     $Messages = cpw_check_input();
@@ -66,41 +65,30 @@ if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
     if(count($Messages) == 0) {
         $Messages = cpw_do_change();
     }
-
-    // SM14 code: use change_password gettext domain binding for 1.4.x
-    if (! check_sm_version(1,5,0)) {
-        bindtextdomain('squirrelmail',SM_PATH . 'locale');
-        textdomain('squirrelmail');
-    }
 }
 
-displayPageHeader($color, 'None');
-
-// SM14 code: use change_password gettext domain binding for 1.4.x
-if (! check_sm_version(1,5,0)) {
-    bindtextdomain('change_password',SM_PATH . 'locale');
-    textdomain('change_password');
-}
+displayPageHeader($color);
 
-do_hook('change_password_init');
+do_hook('change_password_init', $null);
 ?>
 
 <br />
 <table align="center" cellpadding="2" cellspacing="2" border="0">
 <tr><td bgcolor="<?php echo $color[0] ?>">
-   <center><b><?php echo _("Change Password") ?></b></center>
+   <div style="text-align: center;"><b><?php echo _("Change Password") ?></b></div>
 </td><?php
 
 if (isset($Messages) && count($Messages) > 0) {
     echo "<tr><td>\n";
     foreach ($Messages as $line) {
-        echo htmlspecialchars($line) . "<br />\n";
+        echo sm_encode_html_special_chars($line) . "<br />\n";
     }
     echo "</td></tr>\n";
 }
 
 ?><tr><td>
     <?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
+    <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
     <table>
       <tr>
         <th align="right"><?php echo _("Current Password:")?></th>
@@ -121,5 +109,5 @@ if (isset($Messages) && count($Messages) > 0) {
     </table>
     </form>
 </td></tr>
-</tr></table>
-</body></html>
\ No newline at end of file
+</table>
+</body></html>