From 881217a5c95dbfe4e62154a2c0edd135b504220e Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 16 Jul 2009 11:01:05 -0400
Subject: [PATCH] Force ajax calls to protect from CSRF

---
 program/steps/mail/sendmdn.inc |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/program/steps/mail/sendmdn.inc b/program/steps/mail/sendmdn.inc
index c3294e7..f1fb792 100644
--- a/program/steps/mail/sendmdn.inc
+++ b/program/steps/mail/sendmdn.inc
@@ -19,6 +19,9 @@
 
 */
 
+// only process ajax requests
+if (!$OUTPUT->ajax_call)
+  return;
 
 if (!empty($_POST['_uid'])) {
   $sent = rcmail_send_mdn(get_input_value('_uid', RCUBE_INPUT_POST), $smtp_error);
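Review bot: The guard added ahead of the `$_POST['_uid']` check treats `$OUTPUT->ajax_call` as proof that the request came from the application's own script, but nothing in this hunk shows how that flag is set. If it is derived from a request parameter, or from anything else a cross-site form can supply, a forged POST would still reach `rcmail_send_mdn()` and send a read receipt on the user's behalf. Comparing a session-bound request token server-side before the send would be the stronger check; at minimum the comment should state the limit, e.g. `// NOTE: ajax_call only checks the request shape; it is not a per-session CSRF token`. The bare `return;` also drops rejected requests silently, so logging them would make attempted forgeries visible. The script body continues outside the hunk, so later handling of `$sent` and `$smtp_error` is not reviewed here.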

--
Gitblit v1.9.1