Add ability to control the display of the "Check Spelling" button. Allows administrat...
diff --git
a/plugins/change_password/options.php
b/plugins/change_password/options.php
index 2d504666db9630aed3b8f937a8e2aeb33533e084..b09bb9381c28c4b589449e302986c029930272a0 100644
--- a/
plugins/change_password/options.php
+++ b/
plugins/change_password/options.php
@@
-3,7
+3,7
@@
/**
* options.php - Change Password HTML page
*
/**
* options.php - Change Password HTML page
*
- * @copyright 2004-20
09
The SquirrelMail Project Team
+ * @copyright 2004-20
17
The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package plugins
@@
-53,6
+53,11
@@
if (file_exists(SM_PATH . 'plugins/change_password/backend/'.$cpw_backend.'.php'
/* the form was submitted, go for it */
if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
/* the form was submitted, go for it */
if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST)) {
+
+ // security check
+ sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
/* perform basic checks */
$Messages = cpw_check_input();
/* perform basic checks */
$Messages = cpw_check_input();
@@
-76,13
+81,14
@@
do_hook('change_password_init', $null);
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
if (isset($Messages) && count($Messages) > 0) {
echo "<tr><td>\n";
foreach ($Messages as $line) {
- echo
htmlspecial
chars($line) . "<br />\n";
+ echo
sm_encode_html_special_
chars($line) . "<br />\n";
}
echo "</td></tr>\n";
}
?><tr><td>
<?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
}
echo "</td></tr>\n";
}
?><tr><td>
<?php echo addForm($_SERVER['PHP_SELF'], 'post'); ?>
+ <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token() ?>" />
<table>
<tr>
<th align="right"><?php echo _("Current Password:")?></th>
<table>
<tr>
<th align="right"><?php echo _("Current Password:")?></th>
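Review bot: The token check added under `if(sqgetGlobalVar('cpw_go', $cpw_go, SQ_POST))` passes `-1` as the validity period without saying what that value means. If, as I understand the helper, a negative period lets a token be reused for as long as it has not aged out, a password change is a better fit for a single-use token, e.g. `sm_validate_security_token($submitted_token, 0, TRUE);` — please confirm against the function's documentation, which is not visible here. The `// security check` comment should name the check, for example `// CSRF check: the POST must carry a valid smtoken before any password handling runs`. In the form hunk the new hidden field prints `sm_generate_security_token()` straight into an attribute while the messages just above now go through `sm_encode_html_special_chars()`; wrapping the token the same way would keep the output handling consistent. The enclosing `if` block and the form both continue outside the visible hunks.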