- Fix login page loading into an iframe when session expires (#1485952)

author: alecpl <alec@alec.pl> 2009-10-14 08:36:02 +0000
committer: alecpl <alec@alec.pl> 2009-10-14 08:36:02 +0000
commit: ccc80d1ca86b8da8bf24fd805443b4c992e2c187 (patch)
tree: 09a7b5fdd6977321a40d9734e4c73336ac078971 /index.php
parent: ab46578d98853cfddab3bd47456c918feb3584bf (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/index.php b/index.php
index 9e32fc79a..46f8c364e 100644
--- a/index.php
+++ b/index.php
@@ -142,7 +142,7 @@ $request_check_whitelist = array('login'=>1, 'spell'=>1);
 
 // check client X-header to verify request origin
 if ($OUTPUT->ajax_call) {
-  if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {
+  if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) {
     header('HTTP/1.1 404 Not Found');
     die("Invalid Request");
   }
@@ -155,10 +155,12 @@ else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAI
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-  
   if ($OUTPUT->ajax_call)
     $OUTPUT->redirect(array(), 2000);
   
+  if (!empty($_REQUEST['_framed']))
+    $OUTPUT->command('redirect', $OUTPUT->app->url());
+
   // check if installer is still active
   if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
     $OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
author	alecpl <alec@alec.pl>	2009-10-14 08:36:02 +0000
committer	alecpl <alec@alec.pl>	2009-10-14 08:36:02 +0000
commit	ccc80d1ca86b8da8bf24fd805443b4c992e2c187 (patch)
tree	09a7b5fdd6977321a40d9734e4c73336ac078971 /index.php
parent	ab46578d98853cfddab3bd47456c918feb3584bf (diff)