diff options
| author | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-08-07 15:37:15 +0000 |
|---|---|---|
| committer | thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> | 2009-08-07 15:37:15 +0000 |
| commit | 182b4a10fac14ef0c9427b8c69b1970a564018c0 (patch) | |
| tree | 8e674eb565efb50ba976df0289cec8cbad124698 | |
| parent | a5e4758dd31ec5ba603d0ef5e5159450752bf98d (diff) | |
Fix spell check (#1486036)
git-svn-id: https://svn.roundcube.net/trunk@2845 208e9e7b-5314-0410-a742-e7e81cd9613c
| -rw-r--r-- | roundcubemail/index.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/roundcubemail/index.php b/roundcubemail/index.php index e6fd10a6f..8e2cafe66 100644 --- a/roundcubemail/index.php +++ b/roundcubemail/index.php @@ -142,6 +142,8 @@ else if ($RCMAIL->action != 'login' && $_SESSION['user_id'] && $RCMAIL->action ! } } +// don't check for valid request tokens in these actions +$request_check_whitelist = array('login'=>1, 'spell'=>1); // check client X-header to verify request origin if ($OUTPUT->ajax_call) { @@ -151,7 +153,7 @@ if ($OUTPUT->ajax_call) { } } // check request token in POST form submissions -else if (!empty($_POST) && $RCMAIL->action != 'login' && !$RCMAIL->check_request()) { +else if (!empty($_POST) && !$request_check_whitelist[$RCMAIL->action] && !$RCMAIL->check_request()) { $OUTPUT->show_message('invalidrequest', 'error'); $OUTPUT->send($RCMAIL->task); } |