*
* Display Identities Options
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
/* make sure that page is not available when $edit_identity is false */
if (!$edit_identity) {
sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
sqgetGlobalVar('smaction', $smaction, SQ_POST);
sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
// First lets see if there are any actions to perform //
if (!empty($smaction) && is_array($smaction)) {
+ // first do a security check
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
$doaction = '';
$identid = 0;
$i[count($i)] = $a;
//FIXME: NO HTML IN THE CORE
-echo '<form name="f" action="options_identities.php" method="post">' . "\n";
+echo '<form name="f" action="options_identities.php" method="post">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->assign('identities', $i);
$oTemplate->display('options_advidentity_list.tpl');
$return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, 'email_address'), $identity['email_address'], $bg);
$return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), $identity['reply_to'], $bg);
$return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), $identity['signature'], $bg);
- $return_str .= concat_hook_function('options_identities_table', $temp=array(&$bg, &$empty, &$id));
+ $temp = array(&$bg, &$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_table', $temp);
$return_str .= '<tr' . $bg . '> ' . "\n";
$return_str .= ' <td> </td>' . "\n";
$return_str .= ' <td>' . "\n";
}
- $return_str .= concat_hook_function('options_identities_buttons', $temp=array(&$empty, &$id));
+ $temp = array(&$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_buttons', $temp);
$return_str .= ' </td>' . "\n";
$return_str .= '</tr>' . "\n";
$return_str .= '<tr>' . "\n";