Nearly all <FORM> blocks now contain a hidden input

[citadel.git] / webcit / preferences.c

diff --git a/webcit/preferences.c b/webcit/preferences.c
index 2c761b05c358c32fa685bb976d671b7858f2ce5e..fac58a6b45e04ff3eadd69c9c87ff36ffb396941 100644 (file)
--- a/webcit/preferences.c
+++ b/webcit/preferences.c
@@ -217,6 +217,7 @@ void display_preferences(void)
                "<form name=\"prefform\" action=\"set_preferences\" "
                "method=\"post\">\n"
                "<table border=0 cellspacing=5 cellpadding=5>\n");
+       wprintf("<input type=\"hidden\" name=\"nonce\" value=\"%ld\">\n", WC->nonce);
 
        /**
         * Room list view
@@ -377,7 +378,9 @@ void display_preferences(void)
        wprintf("<tr><td>");
        wprintf(_("Default character set for email headers:"));
        wprintf("</td><td>");
-       wprintf("<input type=\"text\" NAME=\"default_header_charset\" MAXLENGTH=\"32\" VALUE=\"%s\">", buf);
+       wprintf("<input type=\"text\" NAME=\"default_header_charset\" MAXLENGTH=\"32\" VALUE=\"");
+       escputs(buf);
+       wprintf("\">");
        wprintf("</td></tr>");
 
        /** submit buttons */