Improve system security by using optional special URL with security token

Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
author: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
committer: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
commit: 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree: 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /plugins/legacy_browser/js
parent: 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/legacy_browser/js/iehacks.js b/plugins/legacy_browser/js/iehacks.js
index 8f88e6f57..105b7dabc 100644
--- a/plugins/legacy_browser/js/iehacks.js
+++ b/plugins/legacy_browser/js/iehacks.js
@@ -102,7 +102,7 @@ rcube_webmail.prototype.get_input_selection = function(obj)
 rcube_webmail.prototype.async_upload_form_frame = function(name)
 {
   document.body.insertAdjacentHTML('BeforeEnd', '<iframe name="' + name + '"'
-    + ' src="program/resources/blank.gif" style="width:0; height:0; visibility:hidden"></iframe>');
+    + ' src="' + rcmail.assets_path('program/resources/blank.gif') + '" style="width:0; height:0; visibility:hidden"></iframe>');
 
   return $('iframe[name="' + name + '"]');
 };
author	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
committer	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
commit	681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree	77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /plugins/legacy_browser/js
parent	53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)