script could be loaded when $edit_identity is set to false

ChangeLog

@@ -80,6 +80,8 @@ Version 1.5.2 - CVS
     should be converted to html line breaks.
   - Add note to conf.pl / config_default.php to warn users that set
     sensitive passwords in that file to properly secure it.
+  - Prevent modifications in advanced identities, when editing of
+    identities is disabled.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------

src/options_identities.php

@@ -21,6 +21,13 @@ require('../include/init.php');
 /* SquirrelMail required files. */
 require_once(SM_PATH . 'functions/identity.php');
 
+/* make sure that page is not available when $edit_identity is false */
+if (!$edit_identity) {
+    error_box(_("Editing identities is disabled."));
+    $oTemplate->display('footer.tpl');
+    die();
+}
+
 if (!sqgetGlobalVar('identities', $identities, SQ_SESSION)) {
     $identities = get_identities();
 }