Add clickjacking protection (thanks to Asbjorn Thorsen and Geir Hansen for bringing...

[squirrelmail.git] / templates / default_advanced / read_menubar_buttons.tpl

diff --git a/templates/default_advanced/read_menubar_buttons.tpl b/templates/default_advanced/read_menubar_buttons.tpl
index a6b2a3293e002eabcf03888dcb43ff2fda34b768..5f3f180f9926c363cecb1a05e2e770863643d7f0 100644 (file)
--- a/templates/default_advanced/read_menubar_buttons.tpl
+++ b/templates/default_advanced/read_menubar_buttons.tpl
@@ -50,7 +50,7 @@
  *    $accesskey_read_msg_copy         - The accesskey to be used for the Copy button
  *    
  *
- * @copyright © 1999-2009 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id: read_menubar_buttons.tpl 11850 2006-10-06 21:57:26Z stevetruckstuff $
  * @package squirrelmail
@@ -63,15 +63,7 @@
 extract($t);
 
 
-/*FIXME: This is a place where Marc's idea for putting all the buttons and 
-         links and other widgets into an array is sorely needed instead of
-         hard-coding everything.  Whomever implements that, PLEASE, PLEASE
-         look at how the preview pane plugin code is used here to change
-         some links and buttons and make sure your implementation can support
-         it (tip: it may or may not be OK to let a plugin do the modification
-         of the widgets, since a template set can turn on the needed plugin,
-         but that might not be the most clear way to solve said issue).*/
-
+/*FIXME: This is a place where Marc's idea for putting all the buttons and links and other widgets into an array is sorely needed instead of hard-coding everything.  Whomever implements that, PLEASE, PLEASE look at how the preview pane plugin code is used here to change some links and buttons and make sure your implementation can support it (tip: it may or may not be OK to let a plugin do the modification of the widgets, since a template set can turn on the needed plugin, but that might not be the most clear way to solve said issue).*/
 
 /** preview pane prep */
 global $data_dir, $username, $base_uri;
@@ -131,6 +123,7 @@ if ($nav_on_top) {
     if ($can_be_deleted) {
         ?>
     <form name="deleteMessageForm" action="<?php echo $move_delete_form_action; ?>" method="post">
+     <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token(); ?>" />
      <?php echo $delete_form_extra; ?>
      <small>
      <input type="submit" name="delete" <?php if ($accesskey_read_msg_delete != 'NONE') echo 'accesskey="' . $accesskey_read_msg_delete . '" '; ?>value="<?php 
@@ -157,6 +150,7 @@ echo ' />'; ?>
     if ($can_be_moved) {
         ?>
     <form name="moveMessageForm" action="<?php echo $move_delete_form_action; ?>" method="post">
+     <input type="hidden" name="smtoken" value="<?php echo sm_generate_security_token(); ?>" />
      <?php echo $move_form_extra; ?>
      <small>
      <?php echo _("Move To"); ?>: