summaryrefslogtreecommitdiff
path: root/index.php
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2011-03-22 07:49:43 +0000
committerthomascube <thomas@roundcube.net>2011-03-22 07:49:43 +0000
commitec045b0a24bbb0de2b203961b453a9f5bd640f34 (patch)
tree5e54169b90512bd0a4dda9fc517f21eb518540eb /index.php
parenta8d7c659f1b343d2f0d6c954fcd3e0688e512736 (diff)
Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829
Diffstat (limited to 'index.php')
-rw-r--r--index.php6
1 files changed, 2 insertions, 4 deletions
diff --git a/index.php b/index.php
index 21d5d859a..6cf833e4b 100644
--- a/index.php
+++ b/index.php
@@ -154,9 +154,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
- if ($RCMAIL->action == 'keep-alive')
- $OUTPUT->send();
- else if ($OUTPUT->ajax_call)
+ if ($OUTPUT->ajax_call)
$OUTPUT->redirect(array(), 2000);
if (!empty($_REQUEST['_framed']))
@@ -184,7 +182,7 @@ else {
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+ if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}