*
* Manage personal address book.
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2010 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/** lets get the global vars we may need */
/* From the address form */
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
sqgetGlobalVar('addaddr', $addaddr, SQ_POST);
sqgetGlobalVar('editaddr', $editaddr, SQ_POST);
sqgetGlobalVar('deladdr', $deladdr, SQ_POST);
/* Get sorting order */
$abook_sort_order = get_abook_sort();
-/* Create page header before addressbook_init in order to display error messages correctly. */
-displayPageHeader($color);
+// Create page header before addressbook_init in order to
+// display error messages correctly, unless we might be
+// redirecting the browser to the compose page.
+//
+if ((empty($compose_to)) || sizeof($sel) < 1)
+ displayPageHeader($color);
/* Open addressbook with error messages on.
remote backends (LDAP) are enabled because they can be used. (list_addr function)
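Review bot: `sizeof($sel)` in the new `if ((empty($compose_to)) || sizeof($sel) < 1)` assumes `$sel` is an array, but its assignment is outside the hunk and it appears to come from the request. A scalar there counts as 1 on older PHP and raises a warning or TypeError on newer versions, so `!is_array($sel) || sizeof($sel) < 1` would be safer. The page header is now emitted in two places under two separately written conditions, here and in the later `$lookup_failed || empty($send_to)` branch. If those drift apart, a path could neither redirect nor print a header, so a single flag (for example a local such as `$page_header_shown`) would make the pairing explicit. The brace-less `if` body would also be less fragile with braces.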
/* Handle user's actions */
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
/**************************************************
* Add new address *
**************************************************/
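Review bot: The call `sm_validate_security_token($submitted_token, 3600, TRUE);` sits inside the `$req_method == 'POST'` branch, so it protects only actions that are handled there. In the visible lines `addaddr`, `editaddr` and `deladdr` are read from `SQ_POST`, but any state-changing path elsewhere in the file that runs on a GET request would not be covered and should be confirmed. The literal `3600` and the bare `TRUE` deserve a comment, for example `// token lifetime in seconds; TRUE = show error and stop on an invalid token`, with the wording checked against the helper's definition. Every form that posts to this page must also carry the `smtoken` field, which these lines do not show. The enclosing `if` block continues outside the hunk.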
if (!$r) {
/* Remove backend name from error string */
$errstr = $abook->error;
- $errstr = ereg_replace('^\[.*\] *', '', $errstr);
+ $errstr = preg_replace('/^\[.*\] */', '', $errstr);
$formerror = $errstr;
$showaddrlist = false;
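Review bot: The pattern in `preg_replace('/^\[.*\] */', '', $errstr)` keeps the greedy `.*` from the old ereg call, so an error string containing a later `]` loses everything up to that last bracket rather than only the leading backend tag. If only the `[backend]` prefix is meant to be stripped, `'/^\[[^\]]*\] */'` is tighter. `preg_replace()` can also return NULL on a PCRE error, which would silently blank `$formerror`. Since `$errstr` flows into `$formerror`, confirm that the display code (outside this hunk) HTML-escapes it, because backend error text may echo user-supplied fields.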
if ($lookup_failed || empty($send_to)) {
$showaddrlist = true;
$defselected = $sel;
+
+ // we skipped the page header above for this functionality, so add it here
+ displayPageHeader($color);
}