X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Ffolders.php;h=8ddd8d2c7d45bfb3cd6f02c9f591a744041c30a7;hp=91e41d79e27887efc568ef1bdf328e68d67adca2;hb=ce102fcc55bdbde46a6ecd8897c0df0567f19610;hpb=4b5049de2fa934c45599d6e4c74bf2bbee10d34d
diff --git a/src/folders.php b/src/folders.php
index 91e41d79..8ddd8d2c 100644
--- a/src/folders.php
+++ b/src/folders.php
@@ -6,12 +6,15 @@
  * scripts which do most of the work. Also handles the Special
  * Folders.
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2011 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  */
+/** This is the folders page */
+define('PAGE_NAME', 'folders');
+
 /**
  * Include the SquirrelMail initialization file.
  */
@@ -22,11 +25,12 @@ require_once(SM_PATH . 'functions/imap_general.php');
 require_once(SM_PATH . 'functions/folder_manip.php');
 require_once(SM_PATH . 'functions/forms.php');
-displayPageHeader($color, 'None');
+displayPageHeader($color);
 /* get globals we may need */
 sqgetGlobalVar('delimiter', $delimiter, SQ_SESSION);
 sqgetGlobalVar('smaction', $action, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
 /* end of get globals */
@@ -37,6 +41,10 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) {
 switch ($action) {
 case 'create':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
 sqgetGlobalVar('subfolder', $subfolder, SQ_POST);
 sqgetGlobalVar('contain_subs', $contain_subs, SQ_POST);
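Review bot: The token check is repeated inside each `case` (here for `create`, and again in the rename, delete, subscribe and unsubscribe hunks), so any action added to this `switch` later runs unprotected unless its author remembers the call; every branch is reached only through a POSTed `smaction`, so a single `sm_validate_security_token($submitted_token, 3600, TRUE);` placed just before `switch ($action) {` would cover them all, provided the rename-name and delete-confirmation prompt forms also post `smtoken` (not visible here — worth checking before hoisting). The return value is discarded on every call, which is only safe if the third argument `TRUE` makes the helper abort the request on failure rather than merely report it; presumably it does, but if it just returns a boolean the folder operation still executes. The `3600` validity period is likewise repeated five times and would read better as one named constant at the top of the file. The enclosing `if ( sqgetGlobalVar('smaction', $action, SQ_POST) )` block starts and ends outside this hunk.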
@@ -51,6 +59,10 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) {
 sqgetGlobalVar('old_name', $old_name, SQ_POST);
 folders_rename_getname($imapConnection, $delimiter, $old_name);
 } else {
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 sqgetGlobalVar('orig', $orig, SQ_POST);
 sqgetGlobalVar('old_name', $old_name, SQ_POST);
 folders_rename_do($imapConnection, $delimiter, $orig, $old_name, $new_name);
@@ -63,6 +75,10 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) {
 }
 sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
 if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) {
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 folders_delete_do($imapConnection, $delimiter, $folder_name);
 $td_str = _("Deleted folder successfully.");
 } else {
@@ -70,11 +86,19 @@ if ( sqgetGlobalVar('smaction', $action, SQ_POST) ) {
 }
 break;
 case 'subscribe':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
 folders_subscribe($imapConnection, $folder_names);
 $td_str = _("Subscribed successfully.");
 break;
 case 'unsubscribe':
+
+ // first, validate security token
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
 folders_unsubscribe($imapConnection, $folder_names);
 $td_str = _("Unsubscribed successfully.");
@@ -193,4 +217,3 @@ $oTemplate->assign('subbox_option_list', $subbox_option_list);
 $oTemplate->display('folder_manip.tpl');
 $oTemplate->display('footer.tpl');
-?>
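Review bot: In the rename hunk the token is validated only in the `} else {` branch that calls `folders_rename_do`, and in the delete hunk only under `if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) )`, so the POSTs that merely render the rename-name and delete-confirmation prompts are accepted without a token. That asymmetry looks deliberate (those branches appear to only display a form), but nothing in the code says so, and a later reader may read it as a missed check; a one-line comment at each exempt branch, `// no token check: this branch only renders the prompt form, the state change below is validated`, would record the reasoning. The `if`/`else` that selects the rename branch, and the delete case's enclosing block, both begin outside their hunks, so the conditions that gate the unprotected paths are not visible here.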