summaryrefslogtreecommitdiff
path: root/index.php
diff options
context:
space:
mode:
Diffstat (limited to 'index.php')
-rw-r--r--index.php4
1 files changed, 3 insertions, 1 deletions
diff --git a/index.php b/index.php
index e6fd10a6f..8e2cafe66 100644
--- a/index.php
+++ b/index.php
@@ -142,6 +142,8 @@ else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action !
}
}
+// don't check for valid request tokens in these actions
+$request_check_whitelist = array('login'=>1, 'spell'=>1);
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
@@ -151,7 +153,7 @@ if ($OUTPUT->ajax_call) {
}
}
// check request token in POST form submissions
-else if (!empty($_POST) && $RCMAIL->action != 'login' && !$RCMAIL->check_request()) {
+else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
$OUTPUT->show_message('invalidrequest', 'error');
$OUTPUT->send($RCMAIL->task);
}