Force ajax calls to protect from CSRF

author: thomascube <thomas@roundcube.net> 2009-07-16 15:01:05 +0000
committer: thomascube <thomas@roundcube.net> 2009-07-16 15:01:05 +0000
commit: 881217a5c95dbfe4e62154a2c0edd135b504220e (patch)
tree: bd344407d4c75a3e0004599cbd760fbb35b7fcde /program/steps/mail/mark.inc
parent: 7477973d931ffb816b2cbbad9c5bc06e3ef2ecd8 (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/program/steps/mail/mark.inc b/program/steps/mail/mark.inc
index 339beca4b..c3ddf7b8c 100644
--- a/program/steps/mail/mark.inc
+++ b/program/steps/mail/mark.inc
@@ -4,7 +4,7 @@
  | program/steps/mail/mark.inc                                           |
  |                                                                       |
  | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -18,6 +18,10 @@
 
 */
 
+// only process ajax requests
+if (!$OUTPUT->ajax_call)
+  return;
+
 $a_flags_map = array(
   'undelete' => 'UNDELETED',
   'delete' => 'DELETED',
author	thomascube <thomas@roundcube.net>	2009-07-16 15:01:05 +0000
committer	thomascube <thomas@roundcube.net>	2009-07-16 15:01:05 +0000
commit	881217a5c95dbfe4e62154a2c0edd135b504220e (patch)
tree	bd344407d4c75a3e0004599cbd760fbb35b7fcde /program/steps/mail/mark.inc
parent	7477973d931ffb816b2cbbad9c5bc06e3ef2ecd8 (diff)