From 1bd5ba05f08cf8dd42e2b61e06eefd991a48e060 Mon Sep 17 00:00:00 2001
From: alec <alec@208e9e7b-5314-0410-a742-e7e81cd9613c>
Date: Fri, 26 Feb 2010 08:06:48 +0000
Subject: - Fix CVE-2010-0464: Disable DNS prefetching (#1486449)

git-svn-id: https://svn.roundcube.net/trunk@3293 208e9e7b-5314-0410-a742-e7e81cd9613c
---
 roundcubemail/program/steps/mail/get.inc | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'roundcubemail/program/steps')

diff --git a/roundcubemail/program/steps/mail/get.inc b/roundcubemail/program/steps/mail/get.inc
index cb938c08b..a41925a65 100644
--- a/roundcubemail/program/steps/mail/get.inc
+++ b/roundcubemail/program/steps/mail/get.inc
@@ -41,6 +41,7 @@ if (!empty($_GET['_uid'])) {
   $MESSAGE = new rcube_message(get_input_value('_uid', RCUBE_INPUT_GET));
 }
 
+send_nocacheing_headers();
 
 // show part page
 if (!empty($_GET['_frame'])) {
@@ -66,8 +67,6 @@ else if ($pid = get_input_value('_part', RCUBE_INPUT_GET)) {
     
     $browser = new rcube_browser;
 
-    send_nocacheing_headers();
-    
     // send download headers
     if ($_GET['_download']) {
       header("Content-Type: application/octet-stream");
-- 
cgit v1.2.3