From facb8fbb4c506918fbe40d3754fa69df4c04ae66 Mon Sep 17 00:00:00 2001
From: Jan Schneider
Date: Mon, 27 Sep 2010 12:26:28 +0200
Subject: [PATCH] Protect preference forms with request tokens.

---
 framework/Core/lib/Horde/Core/Prefs/Ui.php | 10 ++++++++++
 horde/docs/CHANGES | 1 +
 horde/templates/prefs/begin.html | 1 +
 3 files changed, 12 insertions(+)

diff --git a/framework/Core/lib/Horde/Core/Prefs/Ui.php b/framework/Core/lib/Horde/Core/Prefs/Ui.php
index edbc1db2c..6b2c208f5 100644
--- a/framework/Core/lib/Horde/Core/Prefs/Ui.php
+++ b/framework/Core/lib/Horde/Core/Prefs/Ui.php
@@ -189,6 +189,15 @@ class Horde_Core_Prefs_Ui
 return;
 }
 
+ if ($this->vars->actionID) {
+ try {
+ Horde::checkRequestToken('horde.prefs', $this->vars->horde_prefs_token);
+ } catch (Horde_Exception $e) {
+ $GLOBALS['notification']->push($e);
+ return;
+ }
+ }
+
 switch ($this->vars->actionID) {
 case 'update_prefs':
 if (isset($this->prefGroups[$this->group]['type']) &&
@@ -592,6 +601,7 @@ class Horde_Core_Prefs_Ui
 $t->set('app', htmlspecialchars($this->app));
 $t->set('group', htmlspecialchars($this->group));
 $t->set('label', htmlspecialchars($this->prefGroups[$this->group]['label']));
+ $t->set('token', Horde::getRequestToken('horde_prefs'));
 
 // Search for previous and next groups.
 if (count($prefgroups) > 1) {
diff --git a/horde/docs/CHANGES b/horde/docs/CHANGES
index 20ae7c675..e2b6ee2c3 100644
--- a/horde/docs/CHANGES
+++ b/horde/docs/CHANGES
@@ -49,6 +49,7 @@ v4.0-cvs
 
 v3.3.9-cvs
 ----------
+[jan] Add token protection to preference forms.
 [mms] Fix generating RFC 2231 parameters with charset information (Bug #9212).
 [mms] On invalid token during logout, redirect to initial page (Bug #7669).
 [mjr] Don't allow fixed blocks to be changed to another type (Bug #9141).
diff --git a/horde/templates/prefs/begin.html b/horde/templates/prefs/begin.html
index 7e7a667b5..4698a6e64 100644
--- a/horde/templates/prefs/begin.html
+++ b/horde/templates/prefs/begin.html
@@ -1,5 +1,6 @@
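Review bot: The seed string given to `Horde::checkRequestToken('horde.prefs', ...)` in the first Ui.php hunk is not the one used to mint the token in the second Ui.php hunk, `Horde::getRequestToken('horde_prefs')`. If the seed participates in how the token is derived or looked up, as the paired API names suggest, every form submission with an actionID will be rejected and preferences can no longer be saved; the two calls should share one literal, e.g. `Horde::checkRequestToken('horde_prefs', $this->vars->horde_prefs_token);`. The template side that has to emit the field under the name `horde_prefs_token` is in the begin.html hunk, whose content is not visible here, so that name cannot be confirmed against the check. The enclosing method of both Ui.php hunks starts and ends outside the hunk.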
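Review bot: In the second Ui.php hunk the new `$t->set('token', ...)` line is the only value in that run not passed through `htmlspecialchars()`, unlike the `app`, `group` and `label` lines directly above it. Whether the template escapes on output is not visible here; if it does not, keeping the boundary consistent with `$t->set('token', htmlspecialchars(Horde::getRequestToken('horde_prefs')));` avoids relying on the token's character set staying attribute-safe. The enclosing method starts and ends outside the hunk.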
+ -- 2.11.0