X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Foptions_highlight.php;h=55e1a32d9f98eee47f6b563f8a0e66109114d4e9;hp=fa91f2d4736f59f9d3e7ea0886cb503f42d54656;hb=8439f61d2eaaf3aa5fb0b911e3b410d70232c1c8;hpb=6e515418431c0a99f10705da21366fe7093f95b6
diff --git a/src/options_highlight.php b/src/options_highlight.php
index fa91f2d4..55e1a32d 100644
--- a/src/options_highlight.php
+++ b/src/options_highlight.php
@@ -5,13 +5,16 @@
  *
  * Displays message highlighting options
  *
- * @copyright © 1999-2006 The SquirrelMail Project Team
+ * @copyright 1999-2012 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
  * @subpackage prefs
  */
 
+/** This is the options_highlight page */
+define('PAGE_NAME', 'options_highlight');
+
 /**
  * Include the SquirrelMail initialization file.
  */
@@ -29,6 +32,7 @@ sqGetGlobalVar('newcolor_input', $newcolor_input);
 sqGetGlobalVar('color_type', $color_type);
 sqGetGlobalVar('match_type', $match_type);
 sqGetGlobalVar('value', $value);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
 
 /* end of get globals */
 
@@ -49,6 +53,10 @@ if (! isset($message_highlight_list)) {
 
 if (isset($theid) && ($action == 'delete') ||
     ($action == 'up') || ($action == 'down')) {
+
+    // security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $new_rules = array();
     switch($action) {
         case('delete'):
@@ -83,6 +91,9 @@ if (isset($theid) && ($action == 'delete') ||
     exit;
 } else if ($action == 'save') {
 
+    // security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     if ($color_type == 1) $newcolor = $newcolor_choose;
     elseif ($color_type == 2) $newcolor = $newcolor_input;
     else $newcolor = $color_type;
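Review bot: The new token line is spelled `sqgetGlobalVar` with a lowercase `g` while every neighbouring call in the hunk uses `sqGetGlobalVar`; PHP resolves function names case-insensitively so it still runs, but the mismatch reads like a typo and breaks a grep for the helper. Write it as `sqGetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');`. The `''` default means a request carrying no token reaches the validator with an empty string rather than an unset variable, which presumably fails validation in `sm_validate_security_token` — worth confirming against that helper rather than assuming, since this is the only thing standing between a missing token and the state-changing branches below.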
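Review bot: The token check is correctly placed before any rule list is rebuilt, but the guard it sits inside, `isset($theid) && ($action == 'delete') || ($action == 'up') || ($action == 'down')`, binds `&&` tighter than `||`, so `up` and `down` enter this block even when `$theid` was never supplied; the commit does not address that. The intended guard is `if (isset($theid) && ($action == 'delete' || $action == 'up' || $action == 'down')) {`. A short comment on the check would also help the next reader, e.g. `// CSRF: reject delete/up/down unless the smtoken from the list links validates (1 hour window)`; the third `TRUE` argument's meaning is not visible here and should be confirmed against `sm_validate_security_token`. The body of this `if` continues past the end of the hunk.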
@@ -104,7 +115,7 @@ if (isset($theid) && ($action == 'delete') ||
     setPref($data_dir, $username, 'hililist', serialize($message_highlight_list));
 }
 
-displayPageHeader($color, 'None');
+displayPageHeader($color);
 
 /**
  * Display the current rule list
@@ -140,11 +151,13 @@ foreach($message_highlight_list as $index=>$rule) {
 
 $oTemplate->assign('current_rules', $rules);
 
+$token = sm_generate_security_token();
+
 $oTemplate->assign('add_rule', 'options_highlight.php?action=add');
 $oTemplate->assign('edit_rule', 'options_highlight.php?action=edit&theid=');
-$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&theid=');
-$oTemplate->assign('move_up', 'options_highlight.php?action=up&theid=');
-$oTemplate->assign('move_down', 'options_highlight.php?action=down&theid=');
+$oTemplate->assign('delete_rule', 'options_highlight.php?action=delete&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_up', 'options_highlight.php?action=up&smtoken=' . $token . '&theid=');
+$oTemplate->assign('move_down', 'options_highlight.php?action=down&smtoken=' . $token . '&theid=');
 
 $oTemplate->display('options_highlight_list.tpl');
 
@@ -333,7 +346,7 @@ if ($action == 'edit' || $action == 'add') {
     $oTemplate->assign('color_radio', ($selected_choose ? 1 : ($selected_input ? 2 : 0)));
     $oTemplate->assign('color_input', ($selected_input ? $color : ''));
 
-    echo addForm('options_highlight.php', 'post', 'f').
+    echo addForm('options_highlight.php', 'post', 'f', '', '', array(), TRUE).
          addHidden('action', 'save');
     if($action == 'edit') {
         echo addHidden('theid', (isset($theid)?$theid:''));
@@ -346,4 +359,3 @@ if ($action == 'edit' || $action == 'add') {
 
 do_hook('options_highlight_bottom', $null);
 $oTemplate->display('footer.tpl');
-?>
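Review bot: The token is spliced into the three URLs as a raw string, so if `sm_generate_security_token()` can ever emit characters outside the unreserved URL set the `delete`, `up` and `down` links break or truncate the token; the generator's alphabet is not visible here, so encode defensively, e.g. `'options_highlight.php?action=delete&smtoken=' . urlencode($token) . '&theid='`, and likewise for `move_up` and `move_down`. Putting the anti-CSRF token in a GET query string also means it lands in browser history, proxy/server access logs and the Referer header of any page reached from the rule list, and it keeps the rule deletion a state-changing GET; that is acceptable as a stopgap, but the durable fix is to render these actions as small POST forms so the token travels in the body as it already does for `save`. It is also worth confirming that the template escapes the `&` in these assigned strings, since the hunk shows them being built for HTML output without escaping.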
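Review bot: The changed `addForm` call passes three empty placeholders followed by a bare `TRUE`, and nothing in the hunk says what that flag does; the reader has to infer that it is what emits the `smtoken` hidden input that the `save` branch now validates. Confirm that against `addForm`'s signature and record it next to the call, e.g. `// TRUE: have addForm embed the smtoken hidden field (validated by the 'save' branch above)`. If the flag does not add the token, the `save` path would reject every submission, so this is the one place where a comment doubles as a check on the commit's intent.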