From 4c6a3d7d8ac56b9fea777781b291cfde956a7e9a Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Wed, 8 Aug 2012 08:44:46 +0200
Subject: - Check request tokens also in devel_mode
Conflicts: index.php
---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/index.php b/index.php
index ab094dfaf..17031f881 100644
--- a/index.php
+++ b/index.php
@@ -225,7 +225,7 @@ else {
 // check client X-header to verify request origin
 if ($OUTPUT->ajax_call) {
- if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
+ if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
 header('HTTP/1.1 403 Forbidden');
 die("Invalid Request");
 }
-- 
cgit v1.2.3
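Review bot: The token check on the added line still uses the loose `!=` operator, so PHP's type juggling can treat a mismatching header as equal to the token (a missing header against an empty token, or two numeric-looking strings), and the comparison is not constant-time. I would reject an empty token explicitly and compare strictly, e.g. `$token = $RCMAIL->get_request_token();` followed by `if (empty($token) || rc_request_header('X-Roundcube-Request') !== $token) {`; where the runtime provides `hash_equals()`, use it for the comparison instead. What `rc_request_header()` returns for an absent header is not visible here, so confirm it can never be loosely equal to an unset token. The `if ($OUTPUT->ajax_call)` block continues past the end of the hunk.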