githubFork/roundcubemail.git

Roundcubemail devel

parent: 681ba6fc | patch | commit | ignore whitespace

Get rid of requests whitelist for security check bypass

Aleksander Machniak

2014-12-16 7259529fad909c51bd412135827af08155f72e19

Get rid of requests whitelist for security check bypass

1 files modified

program/include/rcmail.php

8 ●●●●● patch | view | raw | blame | history

 program/include/rcmail.php

@@ -867,14 +867,6 @@
     */
    public function request_security_check($mode = rcube_utils::INPUT_POST)
    {
        // don't check for valid request tokens in these actions
        // @TODO: get rid of this
        $request_check_whitelist = array('spell'=>1, 'spell_html'=>1);

        if ($request_check_whitelist[$this->action]) {
            return;
        }

        // check request token
        if (!$this->check_request($mode)) {
            self::raise_error(array(

			@@ -867,14 +867,6 @@
			*/
			public function request_security_check($mode = rcube_utils::INPUT_POST)
			{
			// don't check for valid request tokens in these actions
			// @TODO: get rid of this
			$request_check_whitelist = array('spell'=>1, 'spell_html'=>1);

			if ($request_check_whitelist[$this->action]) {
			return;
			}

			// check request token
			if (!$this->check_request($mode)) {
			self::raise_error(array(