githubFork/roundcubemail.git

Roundcubemail devel

parent: 187ff4e5 | patch | commit | ignore whitespace

thomascube

2011-10-30 abdf31486a946d63623c3047d08e7730926c4d86

Allow cross-task ajax requests

2 files modified

	index.php	2 ●●●●● patch \| view \| raw \| blame \| history
	program/include/rcmail.php	2 ●●●●● patch \| view \| raw \| blame \| history

 index.php

@@ -195,7 +195,7 @@
  // check client X-header to verify request origin
  if ($OUTPUT->ajax_call) {
    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
      header('HTTP/1.1 404 Not Found');
      header('HTTP/1.1 403 Forbidden');
      die("Invalid Request");
    }
  }

 program/include/rcmail.php

@@ -1268,7 +1268,7 @@
  {
    $sess_id = $_COOKIE[ini_get('session.name')];
    if (!$sess_id) $sess_id = session_id();
    $plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->task . $this->config->get('des_key') . $sess_id)));
    $plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->user->ID . $this->config->get('des_key') . $sess_id)));
    return $plugin['value'];
  }

			@@ -195,7 +195,7 @@
			// check client X-header to verify request origin
			if ($OUTPUT->ajax_call) {
			if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
			header('HTTP/1.1 404 Not Found');
			header('HTTP/1.1 403 Forbidden');
			die("Invalid Request");
			}
			}

			@@ -1268,7 +1268,7 @@
			{
			$sess_id = $_COOKIE[ini_get('session.name')];
			if (!$sess_id) $sess_id = session_id();
			$plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->task . $this->config->get('des_key') . $sess_id)));
			$plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->user->ID . $this->config->get('des_key') . $sess_id)));
			return $plugin['value'];
			}