From b79cc545ec020f7dd4bd83dcd06af3cf2b1fcaff Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Tue, 28 Aug 2012 05:20:20 -0400
Subject: [PATCH] Improvements/fixes for Larry skin

---
 index.php |   43 +++++++++++++++++++++++--------------------
 1 files changed, 23 insertions(+), 20 deletions(-)

diff --git a/index.php b/index.php
index 54b87ce..0ad371a 100644
--- a/index.php
+++ b/index.php
@@ -211,33 +211,36 @@
   if ($session_error || $_REQUEST['_err'] == 'session')
     $OUTPUT->show_message('sessionerror', 'error', null, true, -1);
 
-  $RCMAIL->set_task('login');
-  $OUTPUT->send('login');
+  $plugin = $RCMAIL->plugins->exec_hook('unauthenticated', array('task' => 'login', 'error' => $session_error));
+
+  $RCMAIL->set_task($plugin['task']);
+  $OUTPUT->send($plugin['task']);
 }
 // CSRF prevention
 else {
   // don't check for valid request tokens in these actions
-  $request_check_whitelist = array('login'=>1, 'spell'=>1);
+  $request_check_whitelist = array('login'=>1, 'spell'=>1, 'spell_html'=>1);
 
-  // check client X-header to verify request origin
-  if ($OUTPUT->ajax_call) {
-    if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
-      header('HTTP/1.1 403 Forbidden');
-      die("Invalid Request");
+  if (!$request_check_whitelist[$RCMAIL->action]) {
+    // check client X-header to verify request origin
+    if ($OUTPUT->ajax_call) {
+      if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+        header('HTTP/1.1 403 Forbidden');
+        die("Invalid Request");
+      }
     }
-  }
-  // check request token in POST form submissions
-  else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
-    $OUTPUT->show_message('invalidrequest', 'error');
-    $OUTPUT->send($RCMAIL->task);
-  }
+    // check request token in POST form submissions
+    else if (!empty($_POST) && !$RCMAIL->check_request()) {
+      $OUTPUT->show_message('invalidrequest', 'error');
+      $OUTPUT->send($RCMAIL->task);
+    }
 
-  // check referer if configured
-  if (!$request_check_whitelist[$RCMAIL->action] && $RCMAIL->config->get('referer_check') && !rcmail::check_referer()) {
-    raise_error(array(
-      'code' => 403,
-      'type' => 'php',
-      'message' => "Referer check failed"), true, true);
+    // check referer if configured
+    if ($RCMAIL->config->get('referer_check') && !rcmail::check_referer()) {
+      raise_error(array(
+        'code' => 403, 'type' => 'php',
+        'message' => "Referer check failed"), true, true);
+    }
   }
 }
 

--
Gitblit v1.9.1