Force the addition of a file suffix to attachments that lack a filename (helps forwar...

[squirrelmail.git] / src / addressbook.php

diff --git a/src/addressbook.php b/src/addressbook.php
index 0abf138bbf3e31acece815b82e97e7b925c494ef..255c64d1293563b7efd2cdd60084bc4e00af6265 100644 (file)
--- a/src/addressbook.php
+++ b/src/addressbook.php
@@ -5,7 +5,7 @@
  *
  * Manage personal address book.
  *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -31,6 +31,7 @@ require_once(SM_PATH . 'functions/forms.php');
 /** lets get the global vars we may need */
 
 /* From the address form */
+sqgetGlobalVar('smtoken',       $submitted_token, SQ_POST, '');
 sqgetGlobalVar('addaddr',       $addaddr,       SQ_POST);
 sqgetGlobalVar('editaddr',      $editaddr,      SQ_POST);
 sqgetGlobalVar('deladdr',       $deladdr,       SQ_POST);
@@ -97,6 +98,9 @@ $form_url = 'addressbook.php';
 /* Handle user's actions */
 if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
 
+    // first, validate security token
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     /**************************************************
      * Add new address                                *
      **************************************************/