diff options
author | alecpl <alec@alec.pl> | 2009-10-14 08:36:02 +0000 |
---|---|---|
committer | alecpl <alec@alec.pl> | 2009-10-14 08:36:02 +0000 |
commit | ccc80d1ca86b8da8bf24fd805443b4c992e2c187 (patch) | |
tree | 09a7b5fdd6977321a40d9734e4c73336ac078971 | |
parent | ab46578d98853cfddab3bd47456c918feb3584bf (diff) |
- Fix login page loading into an iframe when session expires (#1485952)
-rw-r--r-- | CHANGELOG | 1 | ||||
-rw-r--r-- | index.php | 6 |
2 files changed, 5 insertions, 2 deletions
@@ -1,6 +1,7 @@ CHANGELOG RoundCube Webmail =========================== +- Fix login page loading into an iframe when session expires (#1485952) - added option 'force_https_port' in 'force_https' plugin (#1486091) - Option 'force_https' replaced by 'force_https' plugin - Fix IE issue with non-UTF-8 characters in AJAX response (#1486159) @@ -142,7 +142,7 @@ $request_check_whitelist = array('login'=>1, 'spell'=>1); // check client X-header to verify request origin if ($OUTPUT->ajax_call) { - if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) { + if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) { header('HTTP/1.1 404 Not Found'); die("Invalid Request"); } @@ -155,10 +155,12 @@ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAI // not logged in -> show login page if (empty($RCMAIL->user->ID)) { - if ($OUTPUT->ajax_call) $OUTPUT->redirect(array(), 2000); + if (!empty($_REQUEST['_framed'])) + $OUTPUT->command('redirect', $OUTPUT->app->url()); + // check if installer is still active if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) { $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"), |