author | Aleksander Machniak <alec@alec.pl> | 2014-07-05 12:33:03 +0200 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-07-05 12:48:55 +0200 |
commit | 7152d0fdefc0cb60b26c928342436604479dc610 (patch) | |
tree | bf01d0c838505dc284b984d8fdbe8fddaca67203 /program/js/app.js | |
parent | c627d3bb02a41716af17dff5eca8d7df30297414 (diff) |
Fix security issue in delete-response action - allow only ajax request.
Unify code for identities and responses deletion.
Conflicts:
program/steps/settings/func.inc
Diffstat (limited to 'program/js/app.js')
-rw-r--r-- | program/js/app.js | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/program/js/app.js b/program/js/app.js
index c9b9050b8..6ca84c315 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3555,10 +3555,7 @@ function rcube_webmail()
 // submit delete request
 if (key && confirm(this.get_label('deleteresponseconfirm'))) {
 this.http_post('settings/delete-response', { _key: key }, false);
- return true;
 }
-
- return false;
 };
 this.stop_spellchecking = function()
@@ -5612,10 +5609,8 @@ function rcube_webmail()
 id = this.env.iid ? this.env.iid : selection[0];
 // submit request with appended token
- if (confirm(this.get_label('deleteidentityconfirm')))
- this.goto_url('delete-identity', { _iid: id, _token: this.env.request_token }, true);
-
- return true;
+ if (id && confirm(this.get_label('deleteidentityconfirm')))
+ this.http_post('settings/delete-identity', { _iid: id }, true);
 };
 this.update_identity_row = function(id, name, add)
@@ -5661,6 +5656,19 @@ function rcube_webmail()
 }
 };
+ this.remove_identity = function(id)
+ {
+ var frame, list = this.identity_list,
+ rid = this.html_identifier(id);
+
+ if (list && id) {
+ list.remove_row(rid);
+ if (this.env.contentframe && (frame = this.get_frame_window(this.env.contentframe))) {
+ frame.location.href = this.env.blankpage;
+ }
+ }
+ };
+
 /*********************************************************/
 /********* folder manager methods *********/ |
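Review bot: The response-deletion function stops returning a value once `return true;` and `return false;` are removed in this hunk, and the second hunk drops `return true;` from the identity deletion in the same way, so any caller that tested the result now receives `undefined`. Those callers are outside this diff and should be checked. The two deletions are also posted with different third arguments, `false` here and `true` for `settings/delete-identity`; if that argument is the UI lock, as it appears to be, a response deletion can be submitted again while the first request is still pending, and `this.http_post('settings/delete-response', { _key: key }, true);` would match the identity path. The enclosing function starts above the hunk.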
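Review bot: The context comment `// submit request with appended token` is stale after this change, because the new `http_post` call passes only `_iid` and no `_token`. I would replace it with `// submit delete request via POST (no token in the URL)`; whether `http_post` attaches the request token itself is not visible in this hunk and should be confirmed. Moving the deletion off `goto_url` only closes the hole if the server-side `delete-identity` handler refuses plain GET requests and still validates the token, and that handler is not part of this file's diff. The enclosing function starts above the hunk.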