From 881217a5c95dbfe4e62154a2c0edd135b504220e Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 16 Jul 2009 15:01:05 +0000
Subject: Force ajax calls to protect from CSRF

---
 program/steps/mail/move_del.inc | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'program/steps/mail/move_del.inc')

diff --git a/program/steps/mail/move_del.inc b/program/steps/mail/move_del.inc
index d22cd35bd..103d69e48 100644
--- a/program/steps/mail/move_del.inc
+++ b/program/steps/mail/move_del.inc
@@ -5,7 +5,7 @@
  | program/steps/mail/move_del.inc                                       |
  |                                                                       |
  | This file is part of the RoundCube Webmail client                     |
- | Copyright (C) 2005-2007, RoundCube Dev. - Switzerland                 |
+ | Copyright (C) 2005-2009, RoundCube Dev. - Switzerland                 |
  | Licensed under the GNU GPL                                            |
  |                                                                       |
  | PURPOSE:                                                              |
@@ -19,6 +19,10 @@
 
 */
 
+// only process ajax requests
+if (!$OUTPUT->ajax_call)
+  return;
+
 // count messages before changing anything
 $old_count = $IMAP->messagecount();
 $old_pages = ceil($old_count / $IMAP->page_size);
-- 
cgit v1.2.3