From ec045b0a24bbb0de2b203961b453a9f5bd640f34 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 22 Mar 2011 03:49:43 -0400
Subject: [PATCH] Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829

---
 index.php |    6 ++----
 1 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/index.php b/index.php
index 21d5d85..6cf833e 100644
--- a/index.php
+++ b/index.php
@@ -154,9 +154,7 @@
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-  if ($RCMAIL->action == 'keep-alive')
-    $OUTPUT->send();
-  else if ($OUTPUT->ajax_call)
+  if ($OUTPUT->ajax_call)
     $OUTPUT->redirect(array(), 2000);
 
   if (!empty($_REQUEST['_framed']))
@@ -184,7 +182,7 @@
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
       header('HTTP/1.1 404 Not Found');
       die("Invalid Request");
     }

--
Gitblit v1.9.1