X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Foptions_highlight.php;h=3de59008fe1d6b972364e68be5b7e7bb4dea9fc6;hp=872a5cdc9524453689e2f5fc20d76dd4ade344ae;hb=e6d142e72805d9dcda53d0d44d510cae9ce29b98;hpb=ebd2391cb0c5e3049870f90fa8a8b28707e9571a
diff --git a/src/options_highlight.php b/src/options_highlight.php
index 872a5cdc..3de59008 100644
--- a/src/options_highlight.php
+++ b/src/options_highlight.php
@@ -5,7 +5,7 @@
 *
 * Displays message highlighting options
 *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright © 1999-2009 The SquirrelMail Project Team
 * @license http://opensource.org/licenses/gpl-license.php GNU Public License
 * @version $Id$
 * @package squirrelmail
@@ -32,6 +32,7 @@ sqGetGlobalVar('newcolor_input', $newcolor_input);
 sqGetGlobalVar('color_type', $color_type);
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
 /* end of get globals */
@@ -52,6 +53,10 @@ if (! isset($message_highlight_list)) {
 if (isset($theid) && ($action == 'delete') ||
 ($action == 'up') ||
 ($action == 'down')) {
+
+ // security check
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 $new_rules = array();
 switch($action) {
 case('delete'):
@@ -86,6 +91,9 @@ if (isset($theid) && ($action == 'delete') ||
 exit;
 } else if ($action == 'save') {
+ // security check
+ sm_validate_security_token($submitted_token, 3600, TRUE);
+
 if ($color_type == 1) $newcolor = $newcolor_choose;
 elseif ($color_type == 2) $newcolor = $newcolor_input;
 else $newcolor = $color_type;
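Review bot: The token is read from POST only (`sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '')`), yet the branch guarded in the third hunk (`delete`/`up`/`down`, selected by `$action` and `$theid`) looks like it is reached through query-string links rather than the form rebuilt in the last hunk; if so, `$submitted_token` stays `''` for those requests and `sm_validate_security_token` rejects them, so the new protection would break the list actions instead of guarding them. If those links carry the token in the URL, the read should be `sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');` so both GET and POST submissions are covered; if a template not shown here converted them to POST forms, the read is fine as is. The lowercase `sqgetGlobalVar` also differs from the `sqGetGlobalVar` spelling on the neighbouring lines; PHP resolves function names case-insensitively, but a single spelling is easier to grep for when auditing which inputs a script reads.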
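Review bot: The same `sm_validate_security_token($submitted_token, 3600, TRUE);` call is duplicated in the delete/up/down branch of this hunk and in the save branch of the next one, which leaves any future state-changing action without a check unless its author remembers to copy the line. A single call placed before the `if` chain, guarded by `if (in_array($action, array('delete', 'up', 'down', 'save'), true))`, keeps the check in one place and documents which actions mutate the rule list. Both enclosing branches continue outside their hunks, so this is a suggestion on placement rather than a claim about the rest of the flow.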
@@ -336,7 +344,7 @@ if ($action == 'edit' || $action == 'add') {
 $oTemplate->assign('color_radio', ($selected_choose ? 1 : ($selected_input ? 2 : 0)));
 $oTemplate->assign('color_input', ($selected_input ? $color : ''));
- echo addForm('options_highlight.php', 'post', 'f').
+ echo addForm('options_highlight.php', 'post', 'f', '', '', array(), TRUE).
 addHidden('action', 'save');
 if($action == 'edit') {
 echo addHidden('theid', (isset($theid)?$theid:''));
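Review bot: The new trailing arguments to `addForm` (`'', '', array(), TRUE`) are positional placeholders whose meaning cannot be recovered at the call site, and the `TRUE` is the one that matters for the token check added earlier in this commit. A short comment on that line, e.g. `// final TRUE: embed the smtoken hidden field so the save action passes sm_validate_security_token`, would tell the next maintainer why the placeholders are there — presuming that is what the flag does, which the hunk itself does not show. The enclosing `if ($action == 'edit' || $action == 'add')` block starts outside the hunk.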