*
* Display Identities Options
*
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2020 The SquirrelMail Project Team
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
* @version $Id$
* @package squirrelmail
* @since 1.1.3
*/
+/** This is the options_identities page */
+define('PAGE_NAME', 'options_identities');
+
/**
* Include the SquirrelMail initialization file.
*/
/* SquirrelMail required files. */
require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
/* make sure that page is not available when $edit_identity is false */
if (!$edit_identity) {
sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
sqgetGlobalVar('smaction', $smaction, SQ_POST);
sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
// First lets see if there are any actions to perform //
if (!empty($smaction) && is_array($smaction)) {
+ // first do a security check
+ sm_validate_security_token($submitted_token, -1, TRUE);
+
$doaction = '';
$identid = 0;
exit;
}
-displayPageHeader($color, 'None');
+displayPageHeader($color);
/* since 1.1.3 */
do_hook('options_identities_top', $null);
$a['Title'] = $key==0 ? _("Default Identity") : sprintf(_("Alternate Identity %d"), $key);
$a['New'] = false;
$a['Default'] = $key==0;
- $a['FullName'] = htmlspecialchars($ident['full_name']);
- $a['Email'] = htmlspecialchars($ident['email_address']);
- $a['ReplyTo'] = htmlspecialchars($ident['reply_to']);
- $a['Signature'] = htmlspecialchars($ident['signature']);
+ $a['FullName'] = sm_encode_html_special_chars($ident['full_name']);
+ $a['Email'] = sm_encode_html_special_chars($ident['email_address']);
+ $a['ReplyTo'] = sm_encode_html_special_chars($ident['reply_to']);
+ $a['Signature'] = sm_encode_html_special_chars($ident['signature']);
$i[$key] = $a;
}
$i[count($i)] = $a;
//FIXME: NO HTML IN THE CORE
-echo '<form name="f" action="options_identities.php" method="post">' . "\n";
+echo '<form name="f" action="options_identities.php" method="post">' . "\n"
+ . addHidden('smtoken', sm_generate_security_token()) . "\n";
$oTemplate->assign('identities', $i);
$oTemplate->display('options_advidentity_list.tpl');
/**
* Returns html formated identity form fields
*
- * Contains options_identities_buttons and option_identities_table hooks.
+ * Contains options_identities_buttons and options_identities_table hooks.
* Before 1.4.5/1.5.1 hooks were placed in ShowTableInfo() function.
* In 1.1.3-1.4.1 they were called in do_hook function with two or
* three arguments. Since 1.4.1 hooks are called in concat_hook_function.
$return_str .= sti_input( _("E-Mail Address") , sprintf($name, $id, 'email_address'), $identity['email_address'], $bg);
$return_str .= sti_input( _("Reply To"), sprintf($name, $id, 'reply_to'), $identity['reply_to'], $bg);
$return_str .= sti_textarea( _("Signature"), sprintf($name, $id, 'signature'), $identity['signature'], $bg);
- $return_str .= concat_hook_function('options_identities_table', $temp=array(&$bg, &$empty, &$id));
+ $temp = array(&$bg, &$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_table', $temp);
$return_str .= '<tr' . $bg . '> ' . "\n";
$return_str .= ' <td> </td>' . "\n";
$return_str .= ' <td>' . "\n";
}
- $return_str .= concat_hook_function('options_identities_buttons', $temp=array(&$empty, &$id));
+ $temp = array(&$empty, &$id);
+ $return_str .= concat_hook_function('options_identities_buttons', $temp);
$return_str .= ' </td>' . "\n";
$return_str .= '</tr>' . "\n";
$return_str .= '<tr>' . "\n";
* Creates html formated table row with input field
* @param string $title Name displayed next to input field
* @param string $name Name of input field
- * @param string $data Default value of input field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of input field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with text input field
* @since 1.2.0 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. htmlspecialchars($data) . '"> </td>' . "\n";
+ $str .= ' <td> <input type="text" name="' . $name . '" size="50" value="'. sm_encode_html_special_chars($data) . '" /> </td>' . "\n";
$str .= '</tr>';
return $str;
* Creates html formated table row with textarea field
* @param string $title Name displayed next to textarea field
* @param string $name Name of textarea field
- * @param string $data Default value of textarea field (data is sanitized with htmlspecialchars)
+ * @param string $data Default value of textarea field (data is sanitized with sm_encode_html_special_chars)
* @param string $bgcolor html attributes added to row element (tr)
* @return string html formated table row with textarea
* @since 1.2.5 (arguments differ since 1.4.5/1.5.1)
$str = '';
$str .= '<tr' . $bgcolor . ">\n";
$str .= ' <td style="white-space: nowrap;text-align:right;">' . $title . ' </td>' . "\n";
- $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. htmlspecialchars($data) . '</textarea> </td>' . "\n";
+ $str .= ' <td> <textarea name="' . $name . '" cols="50" rows="5">'. "\n" . sm_encode_html_special_chars($data) . '</textarea> </td>' . "\n";
$str .= '</tr>';
return $str;
}
-?>
projects / squirrelmail.git / blobdiff