From 4a408843b0ef816daf70a472a02b78cd6073a4d5 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Sun, 06 Mar 2016 08:31:07 -0500 Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response --- program/steps/addressbook/export.inc | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/program/steps/addressbook/export.inc b/program/steps/addressbook/export.inc index 859d0f0..b056a3e 100644 --- a/program/steps/addressbook/export.inc +++ b/program/steps/addressbook/export.inc @@ -21,6 +21,8 @@ +-----------------------------------------------------------------------+ */ +$RCMAIL->request_security_check(rcube_utils::INPUT_GET); + // Use search result if (!empty($_REQUEST['_search']) && isset($_SESSION['search'][$_REQUEST['_search']])) { $sort_col = $RCMAIL->config->get('addressbook_sort_col', 'name'); -- Gitblit v1.9.1