Fix XSS problem with unsanitized style tags in messages [CVE-2011-2023]

[squirrelmail.git] / src / options_identities.php

diff --git a/src/options_identities.php b/src/options_identities.php
index 7a49817cb54cc8aeb8425faea980e159fb7bc705..013ec3602cee077dd5e2e6e4aa5952e88fa04111 100644 (file)
--- a/src/options_identities.php
+++ b/src/options_identities.php
@@ -5,7 +5,7 @@
  *
  * Display Identities Options
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -13,6 +13,9 @@
  * @since 1.1.3
  */
 
+/** This is the options_identities page */
+define('PAGE_NAME', 'options_identities');
+
 /**
  * Include the SquirrelMail initialization file.
  */
@@ -20,6 +23,7 @@ require('../include/init.php');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
 
 /* make sure that page is not available when $edit_identity is false */
 if (!$edit_identity) {
@@ -34,10 +38,14 @@ if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
 sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
 sqgetGlobalVar('smaction', $smaction, SQ_POST);
 sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
 
 // First lets see if there are any actions to perform //
 if (!empty($smaction) && is_array($smaction)) {
 
+    // first do a security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $doaction = '';
     $identid = 0;
 
@@ -90,7 +98,8 @@ $a['Signature'] = '';
 $i[count($i)] = $a;
 
 //FIXME: NO HTML IN THE CORE
-echo '<form name="f" action="options_identities.php" method="post">' . "\n";
+echo '<form name="f" action="options_identities.php" method="post">' . "\n"
+   . addHidden('smtoken', sm_generate_security_token()) . "\n";
 
 $oTemplate->assign('identities', $i);
 $oTemplate->display('options_advidentity_list.tpl');
@@ -153,7 +162,8 @@ function ShowIdentityInfo($title, $identity, $id ) {
     $return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, 'email_address'), $identity['email_address'], $bg);
     $return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), $identity['reply_to'], $bg);
     $return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), $identity['signature'], $bg);
-    $return_str .= concat_hook_function('options_identities_table', $temp=array(&$bg, &$empty, &$id));
+    $temp = array(&$bg, &$empty, &$id);
+    $return_str .= concat_hook_function('options_identities_table', $temp);
     $return_str .= '<tr' . $bg . '> ' . "\n";
     $return_str .= '  <td> &nbsp; </td>' . "\n";
     $return_str .= '  <td>' . "\n";
@@ -169,7 +179,8 @@ function ShowIdentityInfo($title, $identity, $id ) {
 
     }
 
-    $return_str .= concat_hook_function('options_identities_buttons', $temp=array(&$empty, &$id));
+    $temp = array(&$empty, &$id);
+    $return_str .= concat_hook_function('options_identities_buttons', $temp);
     $return_str .= '  </td>' . "\n";
     $return_str .= '</tr>' . "\n";
     $return_str .= '<tr>' . "\n";
@@ -196,7 +207,7 @@ function sti_input( $title, $name, $data, $bgcolor ) {
     $str = '';
     $str .= '<tr' . $bgcolor . ">\n";
     $str .= '  <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
-    $str .= '  <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '"> </td>' . "\n";
+    $str .= '  <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '" /> </td>' . "\n";
     $str .= '</tr>';
 
     return $str;
@@ -226,4 +237,3 @@ function sti_textarea( $title, $name, $data, $bgcolor ) {
 
 }
 
-?>