From 4a408843b0ef816daf70a472a02b78cd6073a4d5 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Sun, 06 Mar 2016 08:31:07 -0500 Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response --- plugins/enigma/lib/enigma_ui.php | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/plugins/enigma/lib/enigma_ui.php b/plugins/enigma/lib/enigma_ui.php index dfdacc7..ca28c32 100644 --- a/plugins/enigma/lib/enigma_ui.php +++ b/plugins/enigma/lib/enigma_ui.php @@ -459,6 +459,8 @@ */ private function key_export() { + $this->rc->request_security_check(rcube_utils::INPUT_GET); + $keys = rcube_utils::get_input_value('_keys', rcube_utils::INPUT_GPC); $engine = $this->enigma->load_engine(); $list = $keys == '*' ? $engine->list_keys() : explode(',', $keys); -- Gitblit v1.9.1