githubFork/roundcubemail.git

githubFork / roundcubemail

Roundcubemail devel

summary
reflog
commits
tree
docs
forks
compare

Force ajax calls to protect from CSRF

thomascube

2009-07-16 881217a5c95dbfe4e62154a2c0edd135b504220e

 program/steps/addressbook/copy.inc

@@ -19,6 +19,10 @@

*/

// only process ajax requests
if (!$OUTPUT->ajax_call)
  return;

$cid = get_input_value('_cid', RCUBE_INPUT_POST);
$target = get_input_value('_to', RCUBE_INPUT_POST);
if ($cid && preg_match('/^[a-z0-9\-_=]+(,[a-z0-9\-_=]+)*$/i', $cid) && strlen($target) && $target != $source)

			@@ -19,6 +19,10 @@

			*/

			// only process ajax requests
			if (!$OUTPUT->ajax_call)
			return;

			$cid = get_input_value('_cid', RCUBE_INPUT_POST);
			$target = get_input_value('_to', RCUBE_INPUT_POST);
			if ($cid && preg_match('/^[a-z0-9\-_=]+(,[a-z0-9\-_=]+)*$/i', $cid) && strlen($target) && $target != $source)