diff options
| author | Aleksander Machniak <alec@alec.pl> | 2012-08-08 08:44:46 +0200 |
|---|---|---|
| committer | Aleksander Machniak <alec@alec.pl> | 2012-08-08 08:59:53 +0200 |
| commit | 4c6a3d7d8ac56b9fea777781b291cfde956a7e9a (patch) | |
| tree | 20d8b07d579c53f61d6be10519893d0096651393 | |
| parent | 358957e73e0679db0edb53136e66f250db5ad2b3 (diff) | |
- Check request tokens also in devel_mode
Conflicts:
index.php
| -rw-r--r-- | index.php | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -225,7 +225,7 @@ else { // check client X-header to verify request origin if ($OUTPUT->ajax_call) { - if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) { + if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) { header('HTTP/1.1 403 Forbidden'); die("Invalid Request"); } |