  |
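--- a/account_edit.php
+++ b/account_edit.php
@@ -1,6 +1,6 @@
 <?php
 /*
-$Id: account_edit.php 1840 2008-12-12 12:32:40Z hpdl $
+$Id: account_edit.php 1843 2008-12-12 13:32:10Z hpdl $
 
 osCommerce, Open Source E-Commerce Solutions
 http://www.oscommerce.com
@@ -20,7 +20,7 @@
 // needs to be included earlier to set the success message in the messageStack
 require(DIR_WS_LANGUAGES . $language . '/' . FILENAME_ACCOUNT_EDIT);
 
-if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process')) {
+if (isset($HTTP_POST_VARS['action']) && ($HTTP_POST_VARS['action'] == 'process') && isset($HTTP_POST_VARS['formid']) && ($HTTP_POST_VARS['formid'] == $sessiontoken)) {
 if (ACCOUNT_GENDER == 'true') $gender = tep_db_prepare_input($HTTP_POST_VARS['gender']);
 $firstname = tep_db_prepare_input($HTTP_POST_VARS['firstname']);
 $lastname = tep_db_prepare_input($HTTP_POST_VARS['lastname']);
@@ -142,7 +142,7 @@
 <!-- left_navigation_eof //-->
 </table></td>
 <!-- body_text //-->
-<td width="100%" valign="top"><?php echo tep_draw_form('account_edit', tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'), 'post', 'onSubmit="return check_form(account_edit);"') . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
+<td width="100%" valign="top"><?php echo tep_draw_form('account_edit', tep_href_link(FILENAME_ACCOUNT_EDIT, '', 'SSL'), 'post', 'onSubmit="return check_form(account_edit);"', true) . tep_draw_hidden_field('action', 'process'); ?><table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>
 <td><table border="0" width="100%" cellspacing="0" cellpadding="0">
 <tr>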
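Review bot: The token check added on line 23 compares `$HTTP_POST_VARS['formid'] == $sessiontoken` with loose equality and never confirms that `$sessiontoken` is non-empty, so if the session token were unset or empty (it is assigned outside this hunk) an empty `formid` would satisfy the check, and two numeric-looking strings could compare equal. I would tighten the last two conditions to `is_string($HTTP_POST_VARS['formid']) && ($sessiontoken != '') && ($HTTP_POST_VARS['formid'] === $sessiontoken)`, or use `hash_equals()` where the supported PHP version provides it. As far as the visible lines show, a request that fails the check falls through to a plain re-render of the form with no message; adding an error to the messageStack would tell a user with an expired session why the edit was not saved. The body of this `if` continues outside the hunk.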