From 681ba6fc3c296cd6cd11050531b8f4e785141786 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Tue, 16 Dec 2014 13:28:48 +0100 Subject: Improve system security by using optional special URL with security token Allows to define separate server/path for image/js/css files Fix bugs where CSRF attacks were still possible on some requests --- program/include/rcmail_output_json.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'program/include/rcmail_output_json.php') diff --git a/program/include/rcmail_output_json.php b/program/include/rcmail_output_json.php index fa35824db..91262acb3 100644 --- a/program/include/rcmail_output_json.php +++ b/program/include/rcmail_output_json.php @@ -181,6 +181,11 @@ class rcmail_output_json extends rcmail_output */ public function raise_error($code, $message) { + if ($code == 403) { + header('HTTP/1.1 403 Forbidden'); + die("Invalid Request"); + } + $this->show_message("Application Error ($code): $message", 'error'); $this->remote_response(); exit; -- cgit v1.2.3