From ec045b0a24bbb0de2b203961b453a9f5bd640f34 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 22 Mar 2011 07:49:43 +0000
Subject: Revert r4609 and use stateless request tokens; no need to save them
 in session and thus no keep-alive necessary; fixes #1487829

---
 index.php | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 21d5d859a..6cf833e4b 100644
--- a/index.php
+++ b/index.php
@@ -154,9 +154,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-  if ($RCMAIL->action == 'keep-alive')
-    $OUTPUT->send();
-  else if ($OUTPUT->ajax_call)
+  if ($OUTPUT->ajax_call)
     $OUTPUT->redirect(array(), 2000);
 
   if (!empty($_REQUEST['_framed']))
@@ -184,7 +182,7 @@ else {
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
       header('HTTP/1.1 404 Not Found');
       die("Invalid Request");
     }
-- 
cgit v1.2.3