Merge commit 'v3.1'

[squirrelmail-change-pass.git] / options.php

diff --git a/options.php b/options.php
index 7649a3c..7bae346 100644 (file)
--- a/options.php
+++ b/options.php
@@ -3,7 +3,7 @@
 /*
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
- * $Id: options.php,v 1.7 2009/05/05 03:09:22 indiri69 Exp $
+ * $Id: options.php,v 1.8 2009/12/09 00:21:11 indiri69 Exp $
  */
 
 define('SM_PATH', '../../');
@@ -13,6 +13,10 @@ require_once(SM_PATH . 'functions/forms.php');
 
 $debug = false;
 
+if(!sqgetGlobalVar('smtoken', $submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
+
 // Make sure the plugin is activated
 global $plugins;
 if(!in_array('change_pass', $plugins)) {
@@ -35,6 +39,7 @@ $error_messages = array();
 $showform = true;
 
 if (isset($change_pass_form)) {
+    sm_validate_security_token($submitted_token, 3600, TRUE);
     sq_change_text_domain('change_pass');
     sqgetGlobalVar('change_pass_old', $change_pass_old, SQ_POST);
     sqgetGlobalVar('change_pass_new', $change_pass_new, SQ_POST);
@@ -101,7 +106,8 @@ if(count($error_messages) > 0) {
 }
 
 if($showform) {
-    echo addForm($PHP_SELF);
+    echo addForm(sqm_baseuri() . 'plugins/change_pass/options.php');
+    echo addHidden('smtoken', sm_generate_security_token());
     echo
         html_tag('table', "\n" .
             html_tag('tr', "\n" .