Improve system security by using optional special URL with security token

Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
author: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
committer: Aleksander Machniak <alec@alec.pl> 2014-12-16 13:28:48 +0100
commit: 681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree: 77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /program/steps/mail/compose.inc
parent: 53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/program/steps/mail/compose.inc b/program/steps/mail/compose.inc
index 5492f390d..fd25cf402 100644
--- a/program/steps/mail/compose.inc
+++ b/program/steps/mail/compose.inc
@@ -951,7 +951,7 @@ function rcmail_compose_body($attrib)
             "googie.setCurrentLanguage('%s');\n".
             "googie.setDecoration(false);\n".
             "googie.decorateTextarea('%s');\n",
-            $RCMAIL->output->get_skin_path(),
+            $RCMAIL->output->asset_url($RCMAIL->output->get_skin_path()),
             $RCMAIL->url(array('_task' => 'utils', '_action' => 'spell', '_remote' => 1)),
                 !empty($dictionary) ? 'true' : 'false',
             rcube::JQ(rcube::Q($RCMAIL->gettext('checkspelling'))),
author	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
committer	Aleksander Machniak <alec@alec.pl>	2014-12-16 13:28:48 +0100
commit	681ba6fc3c296cd6cd11050531b8f4e785141786 (patch)
tree	77cd99edc9536c1e85e5ee057d231aa3aa5e0aba /program/steps/mail/compose.inc
parent	53b7421d4419ce12c62d47e5b1231240cefdc3d5 (diff)