X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Faddressbook.php;h=255c64d1293563b7efd2cdd60084bc4e00af6265;hp=0abf138bbf3e31acece815b82e97e7b925c494ef;hb=ace33b58d2b4d8266e1dc66d1bbe54074eb01a70;hpb=b7910e12e76a7976ec5bdd722d4a51ed73b4e941 diff --git a/src/addressbook.php b/src/addressbook.php index 0abf138b..255c64d1 100644 --- a/src/addressbook.php +++ b/src/addressbook.php @@ -5,7 +5,7 @@ * * Manage personal address book. * - * @copyright © 1999-2009 The SquirrelMail Project Team + * @copyright 1999-2010 The SquirrelMail Project Team * @license http://opensource.org/licenses/gpl-license.php GNU Public License * @version $Id$ * @package squirrelmail @@ -31,6 +31,7 @@ require_once(SM_PATH . 'functions/forms.php'); /** lets get the global vars we may need */ /* From the address form */ +sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, ''); sqgetGlobalVar('addaddr', $addaddr, SQ_POST); sqgetGlobalVar('editaddr', $editaddr, SQ_POST); sqgetGlobalVar('deladdr', $deladdr, SQ_POST); @@ -97,6 +98,9 @@ $form_url = 'addressbook.php'; /* Handle user's actions */ if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') { + // first, validate security token + sm_validate_security_token($submitted_token, 3600, TRUE); + /************************************************** * Add new address * **************************************************/
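Review bot: The new `sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '')` line sits under the "From the address form" comment with nothing to mark it as the anti-CSRF token rather than an ordinary form field. A short comment such as `/* anti-CSRF token: accepted from POST only, defaults to '' when the form did not send one */` would record the intent. Because a missing token becomes an empty string, the validator must treat `''` as invalid; that behaviour is defined outside this diff and is worth confirming. No hunk in this file shows a form emitting a matching `smtoken` hidden field, so that presumably happens in the templates or form helpers; if any address book form lacks it, every POST from that form will now be rejected.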
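Review bot: The return value of `sm_validate_security_token($submitted_token, 3600, TRUE)` is discarded, so the add/edit/delete handlers below are protected only if the call itself ends the request on a bad token, which is presumably what the `TRUE` argument requests. The comment should state that and explain the literal, e.g. `// validate anti-CSRF token (max age 3600 s); TRUE = abort with an error page on failure`, so a later change of that flag is not mistaken for cosmetic. The check covers only the `$req_method == 'POST'` branch, so any state-changing action in this script that is reachable by GET would remain unprotected; whether one exists is not visible in this hunk. If the same one-hour lifetime is used by other pages, a shared named constant would keep them in step. The `if` block continues beyond the end of the hunk.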