- Check request tokens also in devel_mode

author: Aleksander Machniak <alec@alec.pl> 2012-08-08 08:44:46 +0200
committer: Aleksander Machniak <alec@alec.pl> 2012-08-08 08:44:46 +0200
commit: 2bbc3da52aee81e920e46778d68278bd31f7bb6b (patch)
tree: 61eabbfbbb14d3b2a98889015a9b9283da9110a5
parent: de56ea1909d515d3e4807a04a6c4644b8226d08d (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index ef5733a12..143d90f45 100644
--- a/index.php
+++ b/index.php
@@ -223,7 +223,7 @@ else {
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
+    if (rcube_utils::request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
       header('HTTP/1.1 403 Forbidden');
       die("Invalid Request");
     }
author	Aleksander Machniak <alec@alec.pl>	2012-08-08 08:44:46 +0200
committer	Aleksander Machniak <alec@alec.pl>	2012-08-08 08:44:46 +0200
commit	2bbc3da52aee81e920e46778d68278bd31f7bb6b (patch)
tree	61eabbfbbb14d3b2a98889015a9b9283da9110a5
parent	de56ea1909d515d3e4807a04a6c4644b8226d08d (diff)