projects / squirrelmail.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Implemented security token system. (Secunia Advisory SA34627)
[squirrelmail.git] / templates / default_advanced / read_menubar_buttons.tpl
diff --git a/templates/default_advanced/read_menubar_buttons.tpl b/templates/default_advanced/read_menubar_buttons.tpl
index a6b2a3293e002eabcf03888dcb43ff2fda34b768..21ba1a407addb6e339c41597e6b82c396d5f9e0c 100644 (file)
--- a/templates/default_advanced/read_menubar_buttons.tpl
+++ b/templates/default_advanced/read_menubar_buttons.tpl
@@ -131,6 +131,7 @@ if ($nav_on_top) {
     if ($can_be_deleted) {
         ?>
     <form name="deleteMessageForm" action="<?php echo $move_delete_form_action; ?>" method="post">
+     <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token(); ?>" />
      <?php echo $delete_form_extra; ?>
      <small>
      <input type="submit" name="delete" <?php if ($accesskey_read_msg_delete != 'NONE') echo 'accesskey="' . $accesskey_read_msg_delete . '" '; ?>value="<?php 
@@ -157,6 +158,7 @@ echo ' />'; ?>
     if ($can_be_moved) {
         ?>
     <form name="moveMessageForm" action="<?php echo $move_delete_form_action; ?>" method="post">
+     <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token(); ?>" />
      <?php echo $move_form_extra; ?>
      <small>
      <?php echo _("Move To"); ?>:
Unnamed repository; edit this file 'description' to name the repository.