githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

parent: 358957e7 | patch | commit | ignore whitespace

- Check request tokens also in devel_mode

Aleksander Machniak

2012-08-08 4c6a3d7d8ac56b9fea777781b291cfde956a7e9a

- Check request tokens also in devel_mode

Conflicts:

	index.php

1 files modified

index.php

2 ●●●●● patch | view | raw | blame | history

 index.php

@@ -225,7 +225,7 @@

  // check client X-header to verify request origin
  if ($OUTPUT->ajax_call) {
    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
      header('HTTP/1.1 403 Forbidden');
      die("Invalid Request");
    }

			@@ -225,7 +225,7 @@

			// check client X-header to verify request origin
			if ($OUTPUT->ajax_call) {
			if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
			if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
			header('HTTP/1.1 403 Forbidden');
			die("Invalid Request");
			}