git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@14383
7612ce4b-ef26-0410-bec9-
ea0150e637f0
12 files changed:
// don't do anything to any messages until we have done security check
// FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
// don't do anything to any messages until we have done security check
// FIXME: not sure this code really belongs here, but there's nowhere else to put it with this architecture
sqgetGlobalVar('smtoken', $submitted_token, SQ_FORM, '');
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
// make sure message UIDs are sanitized (BIGINT)
foreach ($aUid as $i => $uid)
// make sure message UIDs are sanitized (BIGINT)
foreach ($aUid as $i => $uid)
* @param string $token The token to validate
* @param int $validity_period The number of seconds tokens are valid
* for (set to zero to remove valid tokens
* @param string $token The token to validate
* @param int $validity_period The number of seconds tokens are valid
* for (set to zero to remove valid tokens
- * after only one use; use 3600 to allow
- * tokens to be reused for an hour)
- * (OPTIONAL; default is to only allow tokens
- * to be used once)
+ * after only one use; set to -1 to allow
+ * indefinite re-use (but still subject to
+ * $max_token_age_days - see elsewhere);
+ * use 3600 to allow tokens to be reused for
+ * an hour) (OPTIONAL; default is to only
+ * allow tokens to be used once)
* NOTE this is unrelated to $max_token_age_days
* or rather is an additional time constraint on
* tokens that allows them to be re-used (or not)
* NOTE this is unrelated to $max_token_age_days
* or rather is an additional time constraint on
* tokens that allows them to be re-used (or not)
$timestamp = $tokens[$token];
// whether valid or not, we want to remove it from
$timestamp = $tokens[$token];
// whether valid or not, we want to remove it from
- // user prefs if it's old enough
+ // user prefs if it's old enough (unless requested to
+ // bypass this (in which case $validity_period is -1))
- if ($timestamp < $now - $validity_period)
+ if ($validity_period >= 0
+ && $timestamp < $now - $validity_period)
{
unset($tokens[$token]);
setPref($data_dir, $username, 'security_tokens', serialize($tokens));
{
unset($tokens[$token]);
setPref($data_dir, $username, 'security_tokens', serialize($tokens));
// security check
sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
// security check
sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/* perform basic checks */
$Messages = cpw_check_input();
/* perform basic checks */
$Messages = cpw_check_input();
*/
sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
*/
sqgetGlobalVar('smtoken', $submitted_token, SQ_POST, '');
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
global $SQSPELL_APP_DEFAULT;
global $SQSPELL_APP_DEFAULT;
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
// first, validate security token
if(sqgetGlobalVar('REQUEST_METHOD', $req_method, SQ_SERVER) && $req_method == 'POST') {
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/**************************************************
* Add new address *
/**************************************************
* Add new address *
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
/*
* Set $default_charset to correspond with the user's selection
/*
* Set $default_charset to correspond with the user's selection
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if (isset($_FILES['attachfile']) &&
$_FILES['attachfile']['tmp_name'] &&
if (isset($_FILES['attachfile']) &&
$_FILES['attachfile']['tmp_name'] &&
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$signature = $idents[$identity]['signature'];
$signature = $idents[$identity]['signature'];
// validate security token
//
// validate security token
//
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
if ($compose_new_win == '1') {
compose_Header($color, $mailbox);
// first do a security check
sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, '');
// first do a security check
sqgetGlobalVar('smtoken', $submitted_token, SQ_GET, '');
-sm_validate_security_token($submitted_token, 3600, TRUE);
+sm_validate_security_token($submitted_token, -1, TRUE);
$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
$imap_stream = sqimap_login($username, false, $imapServerAddress, $imapPort, 0);
case 'create':
// first, validate security token
case 'create':
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
sqgetGlobalVar('subfolder', $subfolder, SQ_POST);
sqgetGlobalVar('folder_name', $folder_name, SQ_POST);
sqgetGlobalVar('subfolder', $subfolder, SQ_POST);
} else {
// first, validate security token
} else {
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqgetGlobalVar('orig', $orig, SQ_POST);
sqgetGlobalVar('old_name', $old_name, SQ_POST);
sqgetGlobalVar('orig', $orig, SQ_POST);
sqgetGlobalVar('old_name', $old_name, SQ_POST);
if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) {
// first, validate security token
if ( sqgetGlobalVar('confirmed', $dummy, SQ_POST) ) {
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
folders_delete_do($imapConnection, $delimiter, $folder_name);
$td_str = _("Deleted folder successfully.");
folders_delete_do($imapConnection, $delimiter, $folder_name);
$td_str = _("Deleted folder successfully.");
case 'subscribe':
// first, validate security token
case 'subscribe':
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_subscribe($imapConnection, $folder_names);
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_subscribe($imapConnection, $folder_names);
case 'unsubscribe':
// first, validate security token
case 'unsubscribe':
// first, validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_unsubscribe($imapConnection, $folder_names);
sqgetGlobalVar('folder_names', $folder_names, SQ_POST);
folders_unsubscribe($imapConnection, $folder_names);
// security check before saving anything...
//FIXME: what about SMOPT_MODE_LINK??
if ($optmode == SMOPT_MODE_SUBMIT) {
// security check before saving anything...
//FIXME: what about SMOPT_MODE_LINK??
if ($optmode == SMOPT_MODE_SUBMIT) {
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
}
$optpage_save_error=array();
}
$optpage_save_error=array();
($action == 'down')) {
// security check
($action == 'down')) {
// security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$new_rules = array();
switch($action) {
$new_rules = array();
switch($action) {
} else if ($action == 'save') {
// security check
} else if ($action == 'save') {
// security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
if ($color_type == 1) $newcolor = $newcolor_choose;
elseif ($color_type == 2) $newcolor = $newcolor_input;
if ($color_type == 1) $newcolor = $newcolor_choose;
elseif ($color_type == 2) $newcolor = $newcolor_input;
if (!empty($smaction) && is_array($smaction)) {
// first do a security check
if (!empty($smaction) && is_array($smaction)) {
// first do a security check
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
$doaction = '';
$identid = 0;
$doaction = '';
$identid = 0;
} else {
// first validate security token
} else {
// first validate security token
- sm_validate_security_token($submitted_token, 3600, TRUE);
+ sm_validate_security_token($submitted_token, -1, TRUE);
switch ($submit) {
case $search_button_text:
switch ($submit) {
case $search_button_text:
projects / squirrelmail.git / commitdiff