Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829

author: thomascube <thomas@roundcube.net> 2011-03-22 07:49:43 +0000
committer: thomascube <thomas@roundcube.net> 2011-03-22 07:49:43 +0000
commit: ec045b0a24bbb0de2b203961b453a9f5bd640f34 (patch)
tree: 5e54169b90512bd0a4dda9fc517f21eb518540eb /index.php
parent: a8d7c659f1b343d2f0d6c954fcd3e0688e512736 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/index.php b/index.php
index 21d5d859a..6cf833e4b 100644
--- a/index.php
+++ b/index.php
@@ -154,9 +154,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-  if ($RCMAIL->action == 'keep-alive')
-    $OUTPUT->send();
-  else if ($OUTPUT->ajax_call)
+  if ($OUTPUT->ajax_call)
     $OUTPUT->redirect(array(), 2000);
 
   if (!empty($_REQUEST['_framed']))
@@ -184,7 +182,7 @@ else {
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
       header('HTTP/1.1 404 Not Found');
       die("Invalid Request");
     }
author	thomascube <thomas@roundcube.net>	2011-03-22 07:49:43 +0000
committer	thomascube <thomas@roundcube.net>	2011-03-22 07:49:43 +0000
commit	ec045b0a24bbb0de2b203961b453a9f5bd640f34 (patch)
tree	5e54169b90512bd0a4dda9fc517f21eb518540eb /index.php
parent	a8d7c659f1b343d2f0d6c954fcd3e0688e512736 (diff)