CHANGELOG
index.php
program/js/app.js
skins/default/functions.js
CHANGELOG
@@ -12,7 +12,9 @@ - Add option do bind for an individual LDAP address book (#1486997) - Change reply prefix to display email address only if sender name doesn't exist (#1486550) - Fix charset replacement in HTML message bodies (#1487021) - Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#1486914) - Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#1486914) - Fix: contact group input is empty when using rename action more than once on the same group record - Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023) RELEASE 0.4.1 ------------- index.php
@@ -141,22 +141,6 @@ } } // don't check for valid request tokens in these actions $request_check_whitelist = array('login'=>1, 'spell'=>1); // check client X-header to verify request origin if ($OUTPUT->ajax_call) { if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) { header('HTTP/1.1 404 Not Found'); die("Invalid Request"); } } // check request token in POST form submissions else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { $OUTPUT->show_message('invalidrequest', 'error'); $OUTPUT->send($RCMAIL->task); } // not logged in -> show login page if (empty($RCMAIL->user->ID)) { if ($OUTPUT->ajax_call) @@ -176,17 +160,37 @@ ) ); } $OUTPUT->set_env('task', 'login'); $OUTPUT->send('login'); } // CSRF prevention else { // don't check for valid request tokens in these actions $request_check_whitelist = array('login'=>1, 'spell'=>1); // check client X-header to verify request origin if ($OUTPUT->ajax_call) { if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { header('HTTP/1.1 404 Not Found'); die("Invalid Request"); } } // check request token in POST form submissions else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { $OUTPUT->show_message('invalidrequest', 'error'); $OUTPUT->send($RCMAIL->task); } } // handle keep-alive signal // handle special actions if ($RCMAIL->action == 'keep-alive') { $OUTPUT->reset(); $OUTPUT->send(); } else if ($RCMAIL->action == 'save-pref') { include 'steps/utils/save_pref.inc'; } // map task/action to a certain include file program/js/app.js
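Review bot: The relocated AJAX check in the new `else` branch still compares the `X-Roundcube-Request` header with the session token using loose `!=`, so PHP type juggling applies (two numeric-looking strings compare as numbers) and the comparison is not constant-time. What `get_request_token()` returns is not visible on this page, but a strict string comparison is safer whatever the format: `if ((string)rc_request_header('X-Roundcube-Request') !== (string)$RCMAIL->get_request_token()) {`, or `hash_equals()` where the supported PHP version provides it. In the same branch, `!$request_check_whitelist[$RCMAIL->action]` reads an undefined index for every non-whitelisted action; `empty($request_check_whitelist[$RCMAIL->action])` gives the same result without the notice. The new `save-pref` dispatch is token-checked only on the AJAX and POST paths, so it is worth confirming that `steps/utils/save_pref.inc` (not shown here) reads its parameters from POST only.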
@@ -1294,7 +1294,7 @@ } } this.http_post('utils/save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders)); this.http_post('save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders)); this.set_unread_count_display(id, false); }; @@ -1465,7 +1465,7 @@ if ((found = $.inArray('subject', this.env.coltypes)) >= 0) this.set_env('subject_col', found); this.http_post('utils/save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' }); this.http_post('save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' }); }; this.check_droptarget = function(id) skins/default/functions.js
@@ -287,7 +287,7 @@ rcmail.env.contentframe = null; rcmail.show_contentframe(false); } rcmail.http_post('utils/save-pref', '_name=preview_pane&_value='+(elem.checked?1:0)); rcmail.http_post('save-pref', '_name=preview_pane&_value='+(elem.checked?1:0)); }, /* Message composing */