From 681ba6fc3c296cd6cd11050531b8f4e785141786 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Tue, 16 Dec 2014 13:28:48 +0100
Subject: Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests
---
 plugins/legacy_browser/js/iehacks.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'plugins/legacy_browser/js/iehacks.js')
diff --git a/plugins/legacy_browser/js/iehacks.js b/plugins/legacy_browser/js/iehacks.js
index 8f88e6f57..105b7dabc 100644
--- a/plugins/legacy_browser/js/iehacks.js
+++ b/plugins/legacy_browser/js/iehacks.js
@@ -102,7 +102,7 @@ rcube_webmail.prototype.get_input_selection = function(obj)
 rcube_webmail.prototype.async_upload_form_frame = function(name)
 {
 document.body.insertAdjacentHTML('BeforeEnd', '');
+ + ' src="' + rcmail.assets_path('program/resources/blank.gif') + '" style="width:0; height:0; visibility:hidden">');
 return $('iframe[name="' + name + '"]');
 };
-- cgit v1.2.3
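Review bot: The value returned by `rcmail.assets_path('program/resources/blank.gif')` is concatenated unescaped into the `src="…"` attribute of the string handed to `insertAdjacentHTML`, so an assets location containing `"`, `<` or `>` would change the generated iframe markup. `assets_path` is defined outside this hunk, so it is not visible whether it already returns an HTML-safe string. If it does not, escape at the point of use, e.g. `+ ' src="' + rcmail.quote_html(rcmail.assets_path('program/resources/blank.gif')) + '"`, assuming the client's `quote_html` helper is loaded alongside this plugin file. The unchanged `return $('iframe[name="' + name + '"]');` line has the same pattern, since it puts `name` into a selector string without quoting. The HTML tags in this hunk were lost when the page was extracted, so this note relies only on the visible part of the added line.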