Add hook for request token creation (upon user request)

3 files changed, 6 insertions, 2 deletions

diff --git a/CHANGELOG b/CHANGELOG
index 4f3e717b9..56e59d747 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Added plugin hook for request token creation
 - Replace LDAP vars in group queries (#1487837)
 - Fix vcard folding with uncode characters (#1487868)
 - Keep all submitted data if contact form validation fails (#1487865)
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index d1e86c6ca..17b82198c 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -1108,7 +1108,8 @@ class rcmail
   {
     $sess_id = $_COOKIE[ini_get('session.name')];
     if (!$sess_id) $sess_id = session_id();
-    return md5('RT' . $this->task . $this->config->get('des_key') . $sess_id);
+    $plugin = $this->plugins->exec_hook('request_token', array('value' => md5('RT' . $this->task . $this->config->get('des_key') . $sess_id)));
+    return $plugin['value'];
   }
 
 
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index f66b2904d..0a64d1cb1 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -69,7 +69,6 @@ class rcube_template extends rcube_html_page
 
         //$this->framed = $framed;
         $this->set_env('task', $task);
-        $this->set_env('request_token', $this->app->get_request_token());
 
         // load the correct skin (in case user-defined)
         $this->set_skin($this->config['skin']);
@@ -342,6 +341,9 @@ class rcube_template extends rcube_html_page
         else if ($unlock) {
             array_unshift($this->js_commands, array('hide_message', $unlock));
         }
+
+        $this->set_env('request_token', $this->app->get_request_token());
+
         // write all env variables to client
         $js = $this->framed ? "if(window.parent) {\n" : '';
         $js .= $this->get_js_commands() . ($this->framed ? ' }' : '');