X-Git-Url: https://vcs.fsf.org/?p=squirrelmail.git;a=blobdiff_plain;f=src%2Foptions_identities.php;h=f463e10f51cd79c6a64e5d7affe3e15d6d056cbf;hp=bb9dcaeb194d972a6eaa3e1a0a7b6dd9f5f18c85;hb=c0d968010e710870fdfee2f22d7cc9fad370c7a9;hpb=ddbd13dbf48d3428623e07f611d0156b5fe3c1f2

diff --git a/src/options_identities.php b/src/options_identities.php
index bb9dcaeb..f463e10f 100644
--- a/src/options_identities.php
+++ b/src/options_identities.php
@@ -5,7 +5,7 @@
  *
  * Display Identities Options
  *
- * @copyright © 1999-2007 The SquirrelMail Project Team
+ * @copyright 1999-2012 The SquirrelMail Project Team
  * @license http://opensource.org/licenses/gpl-license.php GNU Public License
  * @version $Id$
  * @package squirrelmail
@@ -23,6 +23,7 @@ require('../include/init.php');
 
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'functions/identity.php');
+require_once(SM_PATH . 'functions/forms.php');
 
 /* make sure that page is not available when $edit_identity is false */
 if (!$edit_identity) {
@@ -37,10 +38,14 @@ if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
 sqgetGlobalVar('newidentities', $newidentities, SQ_POST);
 sqgetGlobalVar('smaction', $smaction, SQ_POST);
 sqgetGlobalVar('return', $return, SQ_POST);
+sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
 
 // First lets see if there are any actions to perform //
 if (!empty($smaction) && is_array($smaction)) {
 
+    // first do a security check
+    sm_validate_security_token($submitted_token, 3600, TRUE);
+
     $doaction = '';
     $identid = 0;
 
@@ -93,7 +98,8 @@ $a['Signature'] = '';
 $i[count($i)] = $a;
 
 //FIXME: NO HTML IN THE CORE
-echo '<form name="f" action="options_identities.php" method="post">' . "\n";
+echo '<form name="f" action="options_identities.php" method="post">' . "\n"
+   . addHidden('smtoken', sm_generate_security_token()) . "\n";
 
 $oTemplate->assign('identities', $i);
 $oTemplate->display('options_advidentity_list.tpl');