From 699af1e5206ed9114322adaa3c25c1c969640a53 Mon Sep 17 00:00:00 2001 From: Thomas Bruederli <thomas@roundcube.net> Date: Sun, 06 Mar 2016 08:35:48 -0500 Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response --- plugins/managesieve/managesieve.js | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/plugins/managesieve/managesieve.js b/plugins/managesieve/managesieve.js index 1098b5b..30cfb67 100644 --- a/plugins/managesieve/managesieve.js +++ b/plugins/managesieve/managesieve.js @@ -181,7 +181,7 @@ var id = this.filtersets_list.get_single_selection(), script = this.env.filtersets[id]; - location.href = this.env.comm_path+'&_action=plugin.managesieve-action&_act=setget&_set='+urlencode(script); + this.goto_url('plugin.managesieve-action', {_act: 'setget', _set: script}, false, true); }; // Set activate/deactivate request -- Gitblit v1.9.1