summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2009-08-07 15:37:15 +0000
committerthomascube <thomas@roundcube.net>2009-08-07 15:37:15 +0000
commit0ddf59aeb4ff1caf7d578336f1493aec09f385a6 (patch)
tree81c60818b9ebef74660e80b14c9200f7216b76dd
parent4fc15f69da43b3d50e066c7dac73e19b1d4e3467 (diff)
Fix spell check (#1486036)
-rw-r--r--index.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/index.php b/index.php
index e6fd10a6f..8e2cafe66 100644
--- a/index.php
+++ b/index.php
@@ -142,6 +142,8 @@ else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action !
}
}
+// don't check for valid request tokens in these actions
+$request_check_whitelist = array('login'=>1, 'spell'=>1);
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
@@ -151,7 +153,7 @@ if ($OUTPUT->ajax_call) {
}
}
// check request token in POST form submissions
-else if (!empty($_POST) && $RCMAIL->action != 'login' && !$RCMAIL->check_request()) {
+else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
$OUTPUT->show_message('invalidrequest', 'error');
$OUTPUT->send($RCMAIL->task);
}