summaryrefslogtreecommitdiff
path: root/program/js
diff options
context:
space:
mode:
authorAleksander Machniak <alec@alec.pl>2014-07-05 12:33:03 +0200
committerAleksander Machniak <alec@alec.pl>2014-07-05 12:48:55 +0200
commit7152d0fdefc0cb60b26c928342436604479dc610 (patch)
treebf01d0c838505dc284b984d8fdbe8fddaca67203 /program/js
parentc627d3bb02a41716af17dff5eca8d7df30297414 (diff)
Fix security issue in delete-response action - allow only ajax request.
Unify code for identities and responses deletion. Conflicts: program/steps/settings/func.inc
Diffstat (limited to 'program/js')
-rw-r--r--program/js/app.js22
1 files changed, 15 insertions, 7 deletions
diff --git a/program/js/app.js b/program/js/app.js
index c9b9050b8..6ca84c315 100644
--- a/program/js/app.js
+++ b/program/js/app.js
@@ -3555,10 +3555,7 @@ function rcube_webmail()
// submit delete request
if (key && confirm(this.get_label('deleteresponseconfirm'))) {
this.http_post('settings/delete-response', { _key: key }, false);
- return true;
}
-
- return false;
};
this.stop_spellchecking = function()
@@ -5612,10 +5609,8 @@ function rcube_webmail()
id = this.env.iid ? this.env.iid : selection[0];
// submit request with appended token
- if (confirm(this.get_label('deleteidentityconfirm')))
- this.goto_url('delete-identity', { _iid: id, _token: this.env.request_token }, true);
-
- return true;
+ if (id && confirm(this.get_label('deleteidentityconfirm')))
+ this.http_post('settings/delete-identity', { _iid: id }, true);
};
this.update_identity_row = function(id, name, add)
@@ -5661,6 +5656,19 @@ function rcube_webmail()
}
};
+ this.remove_identity = function(id)
+ {
+ var frame, list = this.identity_list,
+ rid = this.html_identifier(id);
+
+ if (list && id) {
+ list.remove_row(rid);
+ if (this.env.contentframe && (frame = this.get_frame_window(this.env.contentframe))) {
+ frame.location.href = this.env.blankpage;
+ }
+ }
+ };
+
/*********************************************************/
/********* folder manager methods *********/