*
* Display Identities Options
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @since 1.1.3
*/
+/** This is the options_identities page */
+define('PAGE_NAME', 'options_identities');
+
/**
* Include the SquirrelMail initialization file.
*/
/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
/* make sure that page is not available when $edit_identity is false */
if (!$edit_identity) {
sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
sqgetGlobalVar('smaction', $smaction, SQ_POST);
sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
// First lets see if there are any actions to perform //
if (!empty($smaction) && is_array($smaction)) {
+ // first do a security check
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
$doaction = '';
$identid = 0;
$i[count($i)] = $a;
//FIXME: NO HTML IN THE CORE
-echo '<form name="f" action="options_identities.php" method="post">' . "\n";
+echo '<form name="f" action="options_identities.php" method="post">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->assign('identities', $i);
$oTemplate->display('options_advidentity_list.tpl');
$return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, 'email_address'), $identity['email_address'], $bg);
$return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), $identity['reply_to'], $bg);
$return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), $identity['signature'], $bg);
- $return_str .= concat_hook_function('options_identities_table', $temp=array(&$bg, &$empty, &$id));
+ $temp = array(&$bg, &$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_table', $temp);
$return_str .= '<tr' . $bg . '> ' . "\n";
$return_str .= ' <td> </td>' . "\n";
$return_str .= ' <td>' . "\n";
}
- $return_str .= concat_hook_function('options_identities_buttons', $temp=array(&$empty, &$id));
+ $temp = array(&$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_buttons', $temp);
$return_str .= ' </td>' . "\n";
$return_str .= '</tr>' . "\n";
$return_str .= '<tr>' . "\n";
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '"> </td>' . "\n";
+ $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '" /> </td>' . "\n";
$str .= '</tr>';
return $str;
}
-?>