authorthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2007-08-10 08:27:40 +0000
committerthomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>2007-08-10 08:27:40 +0000
commit77f0464b4757385011a1cf5bce2ab20a30a73a52 (patch)
tree712853f6dcd80a851b094417d76d1d9db3afde6c /roundcubemail/index.php
parent881fdfae9ca7810e065a2965304729d561071c29 (diff)
Some bugfixes, security issues + minor improvements
git-svn-id: https://svn.roundcube.net/trunk@668 208e9e7b-5314-0410-a742-e7e81cd9613c
Diffstat (limited to 'roundcubemail/index.php')
-rw-r--r--roundcubemail/index.php15
1 files changed, 13 insertions, 2 deletions
diff --git a/roundcubemail/index.php b/roundcubemail/index.php
index 9908cf2a0..6e8b7ffa8 100644
--- a/roundcubemail/index.php
+++ b/roundcubemail/index.php
@@ -2,7 +2,7 @@
/*
+-----------------------------------------------------------------------+
| RoundCube Webmail IMAP Client |
- | Version 0.1-20070518 |
+ | Version 0.1-20070809 |
| |
| Copyright (C) 2005-2007, RoundCube Dev. - Switzerland |
| Licensed under the GNU GPL |
@@ -41,7 +41,7 @@
*/
// application constants
-define('RCMAIL_VERSION', '0.1-20070517');
+define('RCMAIL_VERSION', '0.1-20070809');
define('RCMAIL_CHARSET', 'UTF-8');
define('JS_OBJECT_NAME', 'rcmail');
@@ -218,6 +218,17 @@ if (empty($_SESSION['user_id']))
}
+// check client X-header to verify request origin
+if ($OUTPUT->ajax_call)
+{
+ $hdrs = getallheaders();
+ if (empty($hdrs['X-RoundCube-Referer']) && empty($CONFIG['devel_mode']))
+ {
+ header('HTTP/1.1 404 Not Found');
+ die("Invalid Request");
+ }
+}
+
// set task and action to client
$OUTPUT->set_env('task', $_task);
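Review bot: The added origin check reads the header through `getallheaders()` with an exact-case key, which makes it fragile: the function is not defined under every PHP SAPI, and its keys keep whatever casing the client or an intermediate proxy sent, so `$hdrs['X-RoundCube-Referer']` can come back empty for a legitimate request. Reading the normalized server variable avoids both problems: `if (empty($_SERVER['HTTP_X_ROUNDCUBE_REFERER']) && empty($CONFIG['devel_mode']))`. The test only establishes that the header is present, not what it contains, and it is skipped whenever `$OUTPUT->ajax_call` is false or `devel_mode` is set; how `ajax_call` is derived is not visible in this hunk. I would add a comment above the block such as `// presence-only check for AJAX requests; non-AJAX state-changing actions need their own origin protection, and devel_mode must be off in production`. A 403 status would also describe the rejection more accurately than 404, unless hiding the endpoint is intended.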