From 2bbc3da52aee81e920e46778d68278bd31f7bb6b Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Wed, 08 Aug 2012 02:44:46 -0400
Subject: [PATCH] - Check request tokens also in devel_mode
---
index.php | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/index.php b/index.php
index ef5733a..143d90f 100644
--- a/index.php
+++ b/index.php
@@ -223,7 +223,7 @@
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
+ if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
header('HTTP/1.1 403 Forbidden');
die("Invalid Request");
}
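Review bot: The request-token check on the new `if` line still compares with loose `!=`, so PHP type juggling applies: two numeric-looking strings can compare equal, and a missing `X-Roundcube-Request` header (presumably returned as null) would equal an empty token. A strict comparison closes that gap, e.g. `if ((string) rcube_utils::request_header('X-Roundcube-Request') !== (string) $RCMAIL->get_request_token()) {`. Where the supported PHP version provides it, `hash_equals()` with the server token as first argument also makes the comparison constant-time. It is worth confirming that `get_request_token()` can never return an empty value for an unauthenticated session. The enclosing `if ($OUTPUT->ajax_call)` block closes outside the hunk.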
--
Gitblit v1.9.1