Improve system security by using optional special URL with security token

Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
author: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
committer: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
commit: 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree: 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /program/include/rcmail_output.php
parent: 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/program/include/rcmail_output.php b/program/include/rcmail_output.php
index 0f7aaf966..76ff4e75e 100644
--- a/program/include/rcmail_output.php
+++ b/program/include/rcmail_output.php
@@ -28,6 +28,7 @@
 abstract class rcmail_output extends rcube_output
 {
     const JS_OBJECT_NAME = 'rcmail';
+    const BLANK_GIF      = 'R0lGODlhDwAPAIAAAMDAwAAAACH5BAEAAAAALAAAAAAPAA8AQAINhI+py+0Po5y02otnAQA7';
 
     public $type = 'html';
     public $ajax_call = false;
author	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
committer	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
commit	681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree	77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /program/include/rcmail_output.php
parent	53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)