*
* Displays message highlighting options
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2018 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @subpackage prefs
*/
+/** This is the options_highlight page */
+define('PAGE_NAME', 'options_highlight');
+
/**
* Include the SquirrelMail initialization file.
*/
sqGetGlobalVar('color_type', $color_type);
sqGetGlobalVar('match_type', $match_type);
sqGetGlobalVar('value', $value);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
/* end of get globals */
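Review bot: The added call is spelled `sqgetGlobalVar`, while the three calls directly above it use `sqGetGlobalVar`. PHP resolves function names case-insensitively, so it runs, but the mixed spelling means a case-sensitive search for the places that read request input will miss the one line that reads the security token. Suggest `sqGetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');`.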
if (isset($theid) && ($action == 'delete') ||
($action == 'up') ||
($action == 'down')) {
+
+ // security check
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
$new_rules = array();
switch($action) {
case('delete'):
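Review bot: The new token check is reached for `up` and `down` even when `$theid` is unset, because `&&` binds tighter than `||` in the enclosing condition, so `isset($theid)` guards only the `delete` case. The token validation still runs, but the branch then proceeds without the rule index it presumably relies on. Since this commit is hardening exactly this branch, group the alternatives: `if (isset($theid) && ($action == 'delete' || $action == 'up' || $action == 'down')) {`. The branch body continues outside the hunk, so how `$theid` is used after the `switch` should be confirmed there.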
exit;
} else if ($action == 'save') {
+ // security check
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
if ($color_type == 1) $newcolor = $newcolor_choose;
elseif ($color_type == 2) $newcolor = $newcolor_input;
else $newcolor = $color_type;
setPref($data_dir, $username, 'hililist', serialize($message_highlight_list));
}
-displayPageHeader($color, 'None');
+displayPageHeader($color);
/**
* Display the current rule list
foreach($message_highlight_list as $index=>$rule) {
$a = array();
- $a['Name'] = htmlspecialchars($rule['name']);
+ $a['Name'] = sm_encode_html_special_chars($rule['name']);
$a['Color'] = $rule['color'];
$a['MatchField'] = '';
- $a['MatchValue'] = htmlspecialchars($rule['value']);
+ $a['MatchValue'] = sm_encode_html_special_chars($rule['value']);
switch ($rule['match_type']) {
case 'from' :
$a['MatchField'] = _("From");
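Review bot: `$a['Color'] = $rule['color'];` is still handed to the template unencoded, although the two fields around it now go through `sm_encode_html_special_chars()`. The save branch shown earlier on this page can take the colour from `$newcolor_input`, which looks like free-form request input, so the stored value is not guaranteed to be a plain colour code. Whether the template escapes it is not visible here. Suggest `$a['Color'] = sm_encode_html_special_chars($rule['color']);`, or restricting the value to a colour pattern before `setPref()` stores it. The `foreach` body continues outside the hunk.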
$oTemplate->assign('current_rules', $rules);
+$token = sm_generate_security_token();
+
$oTemplate->assign('add_rule', 'options_highlight.php?action=add');
$oTemplate->assign('edit_rule', 'options_highlight.php?action=edit&theid=');
-$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&theid=');
-$oTemplate->assign('move_up', 'options_highlight.php?action=up&theid=');
-$oTemplate->assign('move_down', 'options_highlight.php?action=down&theid=');
+$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_up', 'options_highlight.php?action=up&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_down', 'options_highlight.php?action=down&smtoken=' . $token . '&theid=');
$oTemplate->display('options_highlight_list.tpl');
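Review bot: The delete, move-up and move-down links now carry `smtoken` in the query string, so the token is recorded wherever URLs are recorded: web-server access logs, browser history and possibly `Referer` headers. The validation calls added in the earlier hunks pass `-1` as the validity period, which in SquirrelMail's token API appears to allow re-use rather than single use (confirm against `sm_validate_security_token()`). If so, a token captured from one of those places stays usable until it ages out. Consider sending these three state-changing actions through POST forms built like the save form further down, or validating them with a shorter validity period. At minimum, add a comment above the three assignments such as `// NOTE: smtoken is exposed in the URL of these links (logs, history, Referer).`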
$oTemplate->assign('color_radio', ($selected_choose ? 1 : ($selected_input ? 2 : 0)));
$oTemplate->assign('color_input', ($selected_input ? $color : ''));
- echo addForm('options_highlight.php', 'post', 'f').
+ echo addForm('options_highlight.php', 'post', 'f', '', '', array(), TRUE).
addHidden('action', 'save');
if($action == 'edit') {
echo addHidden('theid', (isset($theid)?$theid:''));
do_hook('options_highlight_bottom', $null);
$oTemplate->display('footer.tpl');
-?>