author | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-12-16 13:28:48 +0100 |
commit | 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch) | |
tree | 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /program/include/rcmail_output_json.php | |
parent | 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff) |
Improve system security by using optional special URL with security token
Allows defining a separate server/path for image/js/css files
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'program/include/rcmail_output_json.php')
-rw-r--r-- | program/include/rcmail_output_json.php | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/program/include/rcmail_output_json.php b/program/include/rcmail_output_json.php
index fa35824db..91262acb3 100644
--- a/program/include/rcmail_output_json.php
+++ b/program/include/rcmail_output_json.php
@@ -181,6 +181,11 @@ class rcmail_output_json extends rcmail_output
      */
     public function raise_error($code, $message)
     {
+        if ($code == 403) {
+            header('HTTP/1.1 403 Forbidden');
+            die("Invalid Request");
+        }
+
         $this->show_message("Application Error ($code): $message", 'error');
         $this->remote_response();
         exit; |
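Review bot: The new 403 branch uses a loose `==` on an untyped `$code`, so anything loosely equal to 403 (e.g. the string `'403'`, or values PHP coerces that way) also takes the hard-exit path, while the rest of the method formats `$code` as arbitrary text; `if ((int) $code === 403) {` states the intent explicitly. The branch also answers with a bare `die("Invalid Request")` and no Content-Type, whereas every other path in this class returns JSON through `remote_response()`, so the AJAX caller presumably receives a non-JSON body it has to special-case on status alone — if that is intended, a comment such as `// CSRF/token failure: reply with a minimal non-JSON 403 so no application state leaks to the caller` would make it clear to the next maintainer. Because the branch exits before anything is logged here, a rejected request leaves no server-side trace unless the caller records it; for a check meant to catch CSRF attempts that is worth confirming. The closing brace of `raise_error` lies outside the hunk.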