Force ajax calls to protect from CSRF

author: thomascube <thomas@roundcube.net> 2009-07-16 15:01:05 +0000
committer: thomascube <thomas@roundcube.net> 2009-07-16 15:01:05 +0000
commit: 881217a5c95dbfe4e62154a2c0edd135b504220e (patch)
tree: bd344407d4c75a3e0004599cbd760fbb35b7fcde /program/steps/mail/addcontact.inc
parent: 7477973d931ffb816b2cbbad9c5bc06e3ef2ecd8 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/program/steps/mail/addcontact.inc b/program/steps/mail/addcontact.inc
index 5f8c6d14d..23e657974 100644
--- a/program/steps/mail/addcontact.inc
+++ b/program/steps/mail/addcontact.inc
@@ -5,7 +5,7 @@
  | program/steps/mail/addcontact.inc                                     |
  |                                                                       |
  | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -19,6 +19,10 @@
 
 */
 
+// only process ajax requests
+if (!$OUTPUT->ajax_call)
+  return;
+
 $done = false;
 $CONTACTS = $RCMAIL->get_address_book(null, true);
author	thomascube <thomas@roundcube.net>	2009-07-16 15:01:05 +0000
committer	thomascube <thomas@roundcube.net>	2009-07-16 15:01:05 +0000
commit	881217a5c95dbfe4e62154a2c0edd135b504220e (patch)
tree	bd344407d4c75a3e0004599cbd760fbb35b7fcde /program/steps/mail/addcontact.inc
parent	7477973d931ffb816b2cbbad9c5bc06e3ef2ecd8 (diff)