From 4a408843b0ef816daf70a472a02b78cd6073a4d5 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli <thomas@roundcube.net>
Date: Sun, 06 Mar 2016 08:31:07 -0500
Subject: [PATCH] Protect download urls against CSRF using unique request tokens (#1490642) Send X-Frame-Options headers with every HTTP response

---
 plugins/zipdownload/zipdownload.js |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/zipdownload/zipdownload.js b/plugins/zipdownload/zipdownload.js
index af9136c..6f918d2 100644
--- a/plugins/zipdownload/zipdownload.js
+++ b/plugins/zipdownload/zipdownload.js
@@ -43,7 +43,7 @@
             link.html('').append(span);
         }
 
-        span.text(rcmail.gettext('zipdownload.download'));
+        span.text(rcmail.get_label('zipdownload.download'));
         rcmail.env.download_link = link;
     });
   });
@@ -54,7 +54,7 @@
     // default .eml download of single message
     if (mode == 'eml') {
         var uid = rcmail.get_single_uid();
-        rcmail.goto_url('viewsource', {_uid: uid, _mbox: rcmail.get_message_mailbox(uid), _save: 1});
+        rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true);
         return;
     }
 

--
Gitblit v1.9.1