- Check request tokens also in devel_mode

Conflicts: index.php
12 years ago · 4c6a3d7d8a
parent 358957e73e
commit 4c6a3d7d8a
1 changed files with 1 additions and 1 deletions
--- a/index.php
+++ b/index.php
@ -225,7 +225,7 @@ else {

  // check client X-header to verify request origin
  if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
      header('HTTP/1.1 403 Forbidden');
      die("Invalid Request");
    }