From 0ddf59aeb4ff1caf7d578336f1493aec09f385a6 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Fri, 7 Aug 2009 15:37:15 +0000
Subject: Fix spell check (#1486036)

---
 index.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index e6fd10a6f..8e2cafe66 100644
--- a/index.php
+++ b/index.php
@@ -142,6 +142,8 @@ else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action !
   }
 }
 
+// don't check for valid request tokens in these actions
+$request_check_whitelist = array('login'=>1, 'spell'=>1);
 
 // check client X-header to verify request origin
 if ($OUTPUT->ajax_call) {
@@ -151,7 +153,7 @@ if ($OUTPUT->ajax_call) {
   }
 }
 // check request token in POST form submissions
-else if (!empty($_POST) && $RCMAIL->action != 'login' && !$RCMAIL->check_request()) {
+else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) {
   $OUTPUT->show_message('invalidrequest', 'error');
   $OUTPUT->send($RCMAIL->task);
 }
-- 
cgit v1.2.3