X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=squirrelmail-change-pass.git;a=blobdiff_plain;f=options.php;fp=options.php;h=7bae346f1c5d74b9b66ba955470697299f961005;hp=7649a3cc9c65391b1560585863836a110d923578;hb=b12e06cbd58ee331e7fda685c0d2ce5e02362a36;hpb=4ab628421cc8c12e273961a68a9bfd8a22bae3f8

diff --git a/options.php b/options.php
index 7649a3c..7bae346 100644
--- a/options.php
+++ b/options.php
@@ -3,7 +3,7 @@
 /*
  * Licensed under the GNU GPL. For full terms see the file COPYING.
  *
- * $Id: options.php,v 1.7 2009/05/05 03:09:22 indiri69 Exp $
+ * $Id: options.php,v 1.8 2009/12/09 00:21:11 indiri69 Exp $
  */
 
 define('SM_PATH', '../../');
@@ -13,6 +13,10 @@ require_once(SM_PATH . 'functions/forms.php');
 
 $debug = false;
 
+if(!sqgetGlobalVar('smtoken', $submitted_token, SQ_POST)) {
+    $submitted_token = '';
+}
+
 // Make sure the plugin is activated
 global $plugins;
 if(!in_array('change_pass', $plugins)) {
@@ -35,6 +39,7 @@ $error_messages = array();
 $showform = true;
 
 if (isset($change_pass_form)) {
+    sm_validate_security_token($submitted_token, 3600, TRUE);
     sq_change_text_domain('change_pass');
     sqgetGlobalVar('change_pass_old', $change_pass_old, SQ_POST);
     sqgetGlobalVar('change_pass_new', $change_pass_new, SQ_POST);
@@ -101,7 +106,8 @@ if(count($error_messages) > 0) {
 }
 
 if($showform) {
-    echo addForm($PHP_SELF);
+    echo addForm(sqm_baseuri() . 'plugins/change_pass/options.php');
+    echo addHidden('smtoken', sm_generate_security_token());
     echo
         html_tag('table', "\n" .
             html_tag('tr', "\n" .