[RCU] Problem with CSRF

Andreas Meyer a.meyer at nimmini.de
Tue Apr 9 16:20:50 CEST 2019


Michael Orlitzky <michael at orlitzky.com> schrieb am 09.04.19 um 08:16:29 Uhr:

> On 4/9/19 5:32 AM, Andreas Meyer wrote:
> > 
> > public function check_request($mode = rcube_utils::INPUT_POST)
> >    {  return true; }
> > 
> > like so and comment out the rest of the function?
> > Must be wrong, get a blank page.
> >   
> 
> You probably have a typo, that's the way to do it.

Guys, I'm sorry but I don't get it. I made it like this

    public function check_request($mode = rcube_utils::INPUT_POST)
    { return true;
        // check secure token in URL if enabled
        if ($token = $this->get_secure_url_token()) {
            foreach (explode('/', preg_replace('/[?#&].*$/', '', $_SERVER['REQUEST_URI'])) as $tok) {
                if ($tok == $token) {
                    return true;
                }
            }

            $this->request_status = self::REQUEST_ERROR_URL;

            return false;
        }
....

and can logout now but the problem with the empty mailfolders and the not
chooseable preferences remains.

Kind regards

  Andreas

-- 
PGP-Fingerprint: D392 5D21 0299 63D7 5BAE 4562 1E56 B2EA 81A2 59F1
-------------- n?chster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : nicht verfügbar
Dateityp    : application/pgp-signature
Dateigröße  : 228 bytes
Beschreibung: Digitale Signatur von OpenPGP
URL         : <http://lists.roundcube.net/pipermail/users/attachments/20190409/0284da18/attachment.sig>


More information about the users mailing list