banananetwork
/
roundcubemail
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Backport r5375 to release branch

Browse Source
release-0.7
thomascube 13 years ago
parent f1654a33b2
commit 44a352b7b8
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

2
index.php
Unescape Escape View File

@ -195,7 +195,7 @@ else {
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
header('HTTP/1.1 404 Not Found');
header('HTTP/1.1 403 Forbidden');
die("Invalid Request");
}
}

2
program/include/rcmail.php
Unescape Escape View File

@ -1268,7 +1268,7 @@ class rcmail
{
$sess_id = $_COOKIE[ini_get('session.name')];
if (!$sess_id) $sess_id = session_id();
$plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->task . $this->config->get('des_key') . $sess_id)));
$plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->user->ID . $this->config->get('des_key') . $sess_id)));
return $plugin['value'];
}

Write Preview
Loading…
Cancel
Save