Use global request tokens and automatically protect all POST requests

author: thomascube <thomas@roundcube.net> 2009-07-21 16:02:33 +0000
committer: thomascube <thomas@roundcube.net> 2009-07-21 16:02:33 +0000
commit: 5499336feff22f682448dd99cc00a9b36701fcd1 (patch)
tree: 84c0fcf73be4f5c51f58c9656aaaefecd3530d9d /program/steps/addressbook/save.inc
parent: 61e96cd1f9b32345fd15ae826674f38f0495baa3 (diff)
1 files changed, 1 insertions, 9 deletions
diff --git a/program/steps/addressbook/save.inc b/program/steps/addressbook/save.inc
index 45cb6387e..639e0f2d1 100644
--- a/program/steps/addressbook/save.inc
+++ b/program/steps/addressbook/save.inc
@@ -5,7 +5,7 @@
  | program/steps/addressbook/save.inc                                    |
  |                                                                       |
  | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -22,14 +22,6 @@
 $cid = get_input_value('_cid', RCUBE_INPUT_POST);
 $return_action = empty($cid) ? 'add' : 'show';
 
-// check request token and exit if invalid
-if (!$RCMAIL->check_request('save.'.intval($cid), RCUBE_INPUT_POST))
-{
-  $OUTPUT->show_message('invalidrequest', 'error');
-  rcmail_overwrite_action($return_action);
-  return;
-}
-
 // cannot edit record
 if ($CONTACTS->readonly)
 {
author	thomascube <thomas@roundcube.net>	2009-07-21 16:02:33 +0000
committer	thomascube <thomas@roundcube.net>	2009-07-21 16:02:33 +0000
commit	5499336feff22f682448dd99cc00a9b36701fcd1 (patch)
tree	84c0fcf73be4f5c51f58c9656aaaefecd3530d9d /program/steps/addressbook/save.inc
parent	61e96cd1f9b32345fd15ae826674f38f0495baa3 (diff)