Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

- Fix login page loading into an iframe when session expires (#1485952)

  • Loading branch information...
commit ccc80d1ca86b8da8bf24fd805443b4c992e2c187 1 parent ab46578
@alecpl alecpl authored
Showing with 5 additions and 2 deletions.
  1. +1 −0  CHANGELOG
  2. +4 −2 index.php
View
1  CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG RoundCube Webmail
===========================
+- Fix login page loading into an iframe when session expires (#1485952)
- added option 'force_https_port' in 'force_https' plugin (#1486091)
- Option 'force_https' replaced by 'force_https' plugin
- Fix IE issue with non-UTF-8 characters in AJAX response (#1486159)
View
6 index.php
@@ -142,7 +142,7 @@
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
- if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token()) {
+ if (!$RCMAIL->config->get('devel_mode') && rc_request_header('X-RoundCube-Request') != $RCMAIL->get_request_token() && !empty($RCMAIL->user->ID)) {
header('HTTP/1.1 404 Not Found');
die("Invalid Request");
}
@@ -155,10 +155,12 @@
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
-
if ($OUTPUT->ajax_call)
$OUTPUT->redirect(array(), 2000);
+ if (!empty($_REQUEST['_framed']))
+ $OUTPUT->command('redirect', $OUTPUT->app->url());
+
// check if installer is still active
if ($RCMAIL->config->get('enable_installer') && is_readable('./installer/index.php')) {
$OUTPUT->add_footer(html::div(array('style' => "background:#ef9398; border:2px solid #dc5757; padding:0.5em; margin:2em auto; width:50em"),
Please sign in to comment.
Something went wrong with that request. Please try again.