2 files changed, 68 insertions, 2 deletions

diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index a4f44b8f4..627a8f290 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -852,6 +852,39 @@ class rcmail
   
   
   /**
+   * Generate a unique token to be used in a form request
+   *
+   * @param string Request identifier
+   * @return string The request token
+   */
+  public function get_request_token($key)
+  {
+    if (!$this->request_tokens[$key])
+      $_SESSION['request_tokens'][$key] = $this->request_tokens[$key] = md5(uniqid($key . rand(), true));
+    
+    return $this->request_tokens[$key];
+  }
+  
+  
+  /**
+   * Check if the current request contains a valid token
+   *
+   * @param string Request identifier
+   * @return boolean True if request token is valid false if not
+   */
+  public function check_request($key, $mode = RCUBE_INPUT_POST)
+  {
+    $token = get_input_value('_token', $mode);
+    $valid = !(empty($token) || $_SESSION['request_tokens'][$key] != $token);
+    
+    if ($valid)
+      unset($_SESSION['request_tokens'][$key]);
+    
+    return $valid;
+  }
+  
+  
+  /**
    * Create unique authorization hash
    *
    * @param string Session ID
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index 382508099..a08f27309 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -925,7 +925,7 @@ class rcube_template extends rcube_html_page
      */
     public function form_tag($attrib, $content = null)
     {
-      if ($this->framed) {
+      if ($this->framed || !empty($_REQUEST['_framed'])) {
         $hiddenfield = new html_hiddenfield(array('name' => '_framed', 'value' => '1'));
         $hidden = $hiddenfield->show();
       }
@@ -935,7 +935,40 @@ class rcube_template extends rcube_html_page
       
       return html::tag('form',
         $attrib + array('action' => "./", 'method' => "get"),
-        $hidden . $content);
+        $hidden . $content,
+        array('id','class','style','name','method','action','enctype','onsubmit'));
+    }
+    
+    
+    /**
+     * Build a form tag with a unique request token
+     *
+     * @param array Named tag parameters including 'action' and 'task' values which will be put into hidden fields
+     * @param string Form content
+     * @return string HTML code for the form
+     */
+    public function request_form($attrib, $content)
+    {
+        $hidden = new html_hiddenfield();
+        if ($attrib['task']) {
+            $hidden->add(array('name' => '_task', 'value' => $attrib['task']));
+        }
+        if ($attrib['action']) {
+            $hidden->add(array('name' => '_action', 'value' => $attrib['action']));
+        }
+      
+        // generate request token
+        $request_key = $attrib['request'] ? $attrib['request'] : $attrib['action'];
+        $hidden->add(array('name' => '_token', 'value' => $this->app->get_request_token($request_key)));
+      
+        unset($attrib['task'], $attrib['request']);
+        $attrib['action'] = './';
+      
+        // we already have a <form> tag
+        if ($attrib['form'])
+            return $hidden->show() . $content;
+        else
+            return $this->form_tag($attrib, $hidden->show() . $content);
     }