Happy New Year

[squirrelmail.git] / src / options_highlight.php

diff --git a/src/options_highlight.php b/src/options_highlight.php
index 3de59008fe1d6b972364e68be5b7e7bb4dea9fc6..7b2751a2143952991091a58c80b1cb4661caf4fb 100644 (file)
--- a/src/options_highlight.php
+++ b/src/options_highlight.php
@@ -5,7 +5,7 @@
  *
  * Displays message highlighting options
  *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -32,7 +32,7 @@ sqGetGlobalVar('newcolor_input', $newcolor_input);
 sqGetGlobalVar('color_type', $color_type);
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
-sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
 
 /* end of get globals */
 
@@ -55,7 +55,7 @@ if (isset($theid) && ($action == 'delete') ||
                      ($action == 'down')) {
 
     // security check
-    sm_validate_security_token($submitted_token, 3600, TRUE);
+    sm_validate_security_token($submitted_token, -1, TRUE);
 
     $new_rules = array();
     switch($action) {
@@ -92,7 +92,7 @@ if (isset($theid) && ($action == 'delete') ||
 } else if ($action == 'save') {
 
     // security check
-    sm_validate_security_token($submitted_token, 3600, TRUE);
+    sm_validate_security_token($submitted_token, -1, TRUE);
 
     if ($color_type == 1) $newcolor = $newcolor_choose;
     elseif ($color_type == 2) $newcolor = $newcolor_input;
@@ -124,10 +124,10 @@ $rules = array();
 foreach($message_highlight_list as $index=>$rule) {
     $a = array();
     
-    $a['Name'] = htmlspecialchars($rule['name']);
+    $a['Name'] = sm_encode_html_special_chars($rule['name']);
     $a['Color'] = $rule['color'];
     $a['MatchField'] = '';
-    $a['MatchValue'] = htmlspecialchars($rule['value']);
+    $a['MatchValue'] = sm_encode_html_special_chars($rule['value']);
     switch ($rule['match_type']) {
             case 'from' :
                 $a['MatchField'] = _("From");
@@ -151,11 +151,13 @@ foreach($message_highlight_list as $index=>$rule) {
 
 $oTemplate->assign('current_rules', $rules);
 
+$token = sm_generate_security_token();
+
 $oTemplate->assign('add_rule', 'options_highlight.php?action=add');
 $oTemplate->assign('edit_rule', 'options_highlight.php?action=edit&theid=');
-$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&theid=');
-$oTemplate->assign('move_up', 'options_highlight.php?action=up&theid=');
-$oTemplate->assign('move_down', 'options_highlight.php?action=down&theid=');
+$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_up', 'options_highlight.php?action=up&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_down', 'options_highlight.php?action=down&smtoken=' . $token . '&theid=');
 
 $oTemplate->display('options_highlight_list.tpl');