diff options
| author | thomascube <thomas@roundcube.net> | 2009-08-07 15:37:15 +0000 |
|---|---|---|
| committer | thomascube <thomas@roundcube.net> | 2009-08-07 15:37:15 +0000 |
| commit | 0ddf59aeb4ff1caf7d578336f1493aec09f385a6 (patch) | |
| tree | 81c60818b9ebef74660e80b14c9200f7216b76dd /index.php | |
| parent | 4fc15f69da43b3d50e066c7dac73e19b1d4e3467 (diff) | |
Fix spell check (#1486036)
Diffstat (limited to 'index.php')
| -rw-r--r-- | index.php | 4 |
1 files changed, 3 insertions, 1 deletions
@@ -142,6 +142,8 @@ else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action ! } } +// don't check for valid request tokens in these actions +$request_check_whitelist = array('login'=>1, 'spell'=>1); // check client X-header to verify request origin if ($OUTPUT->ajax_call) { @@ -151,7 +153,7 @@ if ($OUTPUT->ajax_call) { } } // check request token in POST form submissions -else if (!empty($_POST) && $RCMAIL->action != 'login' && !$RCMAIL->check_request()) { +else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { $OUTPUT->show_message('invalidrequest', 'error'); $OUTPUT->send($RCMAIL->task); } |