Revert r4609 and use stateless request tokens; no need to save them in session and thus no keep-alive necessary; fixes #1487829

git-svn-id: https://svn.roundcube.net/trunk@4615 208e9e7b-5314-0410-a742-e7e81cd9613c
author: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-03-22 07:49:43 +0000
committer: thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c> 2011-03-22 07:49:43 +0000
commit: c714ec706f0e4c02344f9d0dd33421093c761464 (patch)
tree: 0a55e8bbb687fe1e53fda7ea4e57141a4dca5623 /roundcubemail/index.php
parent: 4c3144b911456c9dfab765643fbdb11e493e0254 (diff)
1 files changed, 2 insertions, 4 deletions
diff --git a/roundcubemail/index.php b/roundcubemail/index.php
index 21d5d859a..6cf833e4b 100644
--- a/roundcubemail/index.php
+++ b/roundcubemail/index.php
@@ -154,9 +154,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
 
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
-  if ($RCMAIL->action == 'keep-alive')
-    $OUTPUT->send();
-  else if ($OUTPUT->ajax_call)
+  if ($OUTPUT->ajax_call)
     $OUTPUT->redirect(array(), 2000);
 
   if (!empty($_REQUEST['_framed']))
@@ -184,7 +182,7 @@ else {
 
   // check client X-header to verify request origin
   if ($OUTPUT->ajax_call) {
-    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token()) {
+    if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
       header('HTTP/1.1 404 Not Found');
       die("Invalid Request");
     }
author	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-03-22 07:49:43 +0000
committer	thomasb <thomasb@208e9e7b-5314-0410-a742-e7e81cd9613c>	2011-03-22 07:49:43 +0000
commit	c714ec706f0e4c02344f9d0dd33421093c761464 (patch)
tree	0a55e8bbb687fe1e53fda7ea4e57141a4dca5623 /roundcubemail/index.php
parent	4c3144b911456c9dfab765643fbdb11e493e0254 (diff)