summaryrefslogtreecommitdiff
path: root/program/js/app.js
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2007-08-10 08:27:40 +0000
committerthomascube <thomas@roundcube.net>2007-08-10 08:27:40 +0000
commit719a257f0c8fd750a4984ed56273dc653565729e (patch)
tree2707636618edff63d691180a99a48cbdda350703 /program/js/app.js
parent4b9efbb9f49911b17bde2d46b86df825e987101e (diff)
Some bugfixes, security issues + minor improvements
Diffstat (limited to 'program/js/app.js')
-rw-r--r--program/js/app.js10
1 files changed, 6 insertions, 4 deletions
diff --git a/program/js/app.js b/program/js/app.js
index bda67002e..6cf9d4850 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -463,7 +463,7 @@ function rcube_webmail()
break;
case 'logout':
- this.goto_url('logout');
+ this.goto_url('logout', true);
break;
// commands to switch task
@@ -3195,7 +3195,7 @@ function rcube_webmail()
this.redirect = function(url, lock)
{
- if (lock || lock == NULL)
+ if (lock || lock === null)
this.set_busy(true);
if (this.env.framed && window.parent)
@@ -3498,12 +3498,13 @@ function rcube_http_request()
return false;
}
- var ref = this;
+ var _ref = this;
this.url = url;
this.busy = true;
- this.xmlhttp.onreadystatechange = function(){ ref.xmlhttp_onreadystatechange(); };
+ this.xmlhttp.onreadystatechange = function(){ _ref.xmlhttp_onreadystatechange(); };
this.xmlhttp.open('GET', url);
+ this.xmlhttp.setRequestHeader('X-RoundCube-Referer', bw.get_cookie('sessid'));
this.xmlhttp.send(null);
};
@@ -3537,6 +3538,7 @@ function rcube_http_request()
this.xmlhttp.onreadystatechange = function() { ref.xmlhttp_onreadystatechange(); };
this.xmlhttp.open('POST', url, true);
this.xmlhttp.setRequestHeader('Content-Type', contentType);
+ this.xmlhttp.setRequestHeader('X-RoundCube-Referer', bw.get_cookie('sessid'));
this.xmlhttp.send(req_body);
};