From 881217a5c95dbfe4e62154a2c0edd135b504220e Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 16 Jul 2009 15:01:05 +0000
Subject: Force ajax calls to protect from CSRF

---
 program/steps/addressbook/copy.inc | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'program/steps/addressbook/copy.inc')

diff --git a/program/steps/addressbook/copy.inc b/program/steps/addressbook/copy.inc
index 75190a611..a27b67b09 100644
--- a/program/steps/addressbook/copy.inc
+++ b/program/steps/addressbook/copy.inc
@@ -19,6 +19,10 @@
 
 */
 
+// only process ajax requests
+if (!$OUTPUT->ajax_call)
+  return;
+
 $cid = get_input_value('_cid', RCUBE_INPUT_POST);
 $target = get_input_value('_to', RCUBE_INPUT_POST);
 if ($cid && preg_match('/^[a-z0-9\-_=]+(,[a-z0-9\-_=]+)*$/i', $cid) && strlen($target) && $target != $source)
-- 
cgit v1.2.3