summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authoralecpl <alec@alec.pl>2010-10-01 07:49:54 +0000
committeralecpl <alec@alec.pl>2010-10-01 07:49:54 +0000
commit249db18585959c9ab3e09b6e91f8fec7cd32e9d0 (patch)
tree7fdecbad11b517105673f5826a833643bc4e8fcd
parent0bc51d9d0f8a36f4e0aa1d80ed019c958e233c16 (diff)
- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
-rw-r--r--CHANGELOG4
-rw-r--r--index.php42
-rw-r--r--program/js/app.js4
-rw-r--r--skins/default/functions.js2
4 files changed, 29 insertions, 23 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 405f9634a..d89ab2b86 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -12,7 +12,9 @@ CHANGELOG Roundcube Webmail
- Add option do bind for an individual LDAP address book (#1486997)
- Change reply prefix to display email address only if sender name doesn't exist (#1486550)
- Fix charset replacement in HTML message bodies (#1487021)
-- Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#1486914)
+- Plugin API: improved 'abort' flag handling, added 'result' item in some hooks (#1486914)
+- Fix: contact group input is empty when using rename action more than once on the same group record
+- Fix "Server Error! (Not Found)" when using utils/save-pref action (#1487023)
RELEASE 0.4.1
-------------
diff --git a/index.php b/index.php
index 6bc771c1d..a46c41534 100644
--- a/index.php
+++ b/index.php
@@ -141,22 +141,6 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
}
}
-// don't check for valid request tokens in these actions
-$request_check_whitelist = array('login'=>1, 'spell'=>1);
-
-// check client X-header to verify request origin
-if ($OUTPUT->ajax_call) {
- if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) {
- header('HTTP/1.1 404 Not Found');
- die("Invalid Request");
- }
-}
-// check request token in POST form submissions
-else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
- $OUTPUT->show_message('invalidrequest', 'error');
- $OUTPUT->send($RCMAIL->task);
-}
-
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
if ($OUTPUT->ajax_call)
@@ -176,17 +160,37 @@ if (empty($RCMAIL->user->ID)) {
)
);
}
-
+
$OUTPUT->set_env('task', 'login');
$OUTPUT->send('login');
}
+// CSRF prevention
+else {
+ // don't check for valid request tokens in these actions
+ $request_check_whitelist = array('login'=>1, 'spell'=>1);
+
+ // check client X-header to verify request origin
+ if ($OUTPUT->ajax_call) {
+ if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+ header('HTTP/1.1 404 Not Found');
+ die("Invalid Request");
+ }
+ }
+ // check request token in POST form submissions
+ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
+ $OUTPUT->show_message('invalidrequest', 'error');
+ $OUTPUT->send($RCMAIL->task);
+ }
+}
-
-// handle keep-alive signal
+// handle special actions
if ($RCMAIL->action == 'keep-alive') {
$OUTPUT->reset();
$OUTPUT->send();
}
+else if ($RCMAIL->action == 'save-pref') {
+ include 'steps/utils/save_pref.inc';
+}
// map task/action to a certain include file
diff --git a/program/js/app.js b/program/js/app.js
index f4ec7f3da..f4e8e2f73 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -1294,7 +1294,7 @@ function rcube_webmail()
}
}
- this.http_post('utils/save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders));
+ this.http_post('save-pref', '_name=collapsed_folders&_value='+urlencode(this.env.collapsed_folders));
this.set_unread_count_display(id, false);
};
@@ -1465,7 +1465,7 @@ function rcube_webmail()
if ((found = $.inArray('subject', this.env.coltypes)) >= 0)
this.set_env('subject_col', found);
- this.http_post('utils/save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' });
+ this.http_post('save-pref', { '_name':'list_cols', '_value':this.env.coltypes, '_session':'list_attrib/columns' });
};
this.check_droptarget = function(id)
diff --git a/skins/default/functions.js b/skins/default/functions.js
index 338ce203b..4615a462a 100644
--- a/skins/default/functions.js
+++ b/skins/default/functions.js
@@ -287,7 +287,7 @@ switch_preview_pane: function(elem)
rcmail.env.contentframe = null;
rcmail.show_contentframe(false);
}
- rcmail.http_post('utils/save-pref', '_name=preview_pane&_value='+(elem.checked?1:0));
+ rcmail.http_post('save-pref', '_name=preview_pane&_value='+(elem.checked?1:0));
},
/* Message composing */