return;
}
+ if ($this->vars->actionID) {
+ try {
+ Horde::checkRequestToken('horde.prefs', $this->vars->horde_prefs_token);
+ } catch (Horde_Exception $e) {
+ $GLOBALS['notification']->push($e);
+ return;
+ }
+ }
+
switch ($this->vars->actionID) {
case 'update_prefs':
if (isset($this->prefGroups[$this->group]['type']) &&
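Review bot: The token is verified under the name `'horde.prefs'` in the added check before the `switch`, but the later hunk issues it with `Horde::getRequestToken('horde_prefs')`, so the two sides of the CSRF check disagree on the identifier. Neither helper's implementation is visible here, so this may be harmless at present. If tokens are bound to that name, or become so later, every preference update carrying a valid token would be rejected. Use one string on both sides, e.g. `Horde::checkRequestToken('horde_prefs', $this->vars->horde_prefs_token);`, ideally taken from a single shared constant. The enclosing method starts and ends outside the hunk.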
$t->set('app', htmlspecialchars($this->app));
$t->set('group', htmlspecialchars($this->group));
$t->set('label', htmlspecialchars($this->prefGroups[$this->group]['label']));
+ $t->set('token', Horde::getRequestToken('horde_prefs'));
// Search for previous and next groups.
if (count($prefgroups) > 1) {
v3.3.9-cvs
----------
+[jan] Add token protection to preference forms.
[mms] Fix generating RFC 2231 parameters with charset information (Bug #9212).
[mms] On invalid token during logout, redirect to initial page (Bug #7669).
[mjr] Don't allow fixed blocks to be changed to another type (Bug #9141).
<form method="post" id="prefs" name="prefs" action="<tag:action />">
<tag:forminput />
+<input type="hidden" name="horde_prefs_token" value="<tag:token />" />
<input type="hidden" id="actionID" name="actionID" value="update_prefs" />
<input type="hidden" name="group" value="<tag:group />" />
<input type="hidden" id="prefs_app" name="app" value="<tag:app />" />