Changes between Version 1 and Version 2 of Ticket #1487829, comment 6


Ignore:
Timestamp:
Mar 14, 2011 10:19:51 AM (2 years ago)
Author:
alec
Comment:

Legend:

Unmodified
Added
Removed
Modified

  • Ticket #1487829, comment 6

    v1 v2  
    1 Maybe we could return true from rcmail::check_request() when {{{$_SESSION['request_tokens']}}} is empty? 
     1Maybe we could return true from rcmail::check_request() when {{{$_SESSION['request_tokens']}}} is empty or something like this patch: 
     2{{{ 
     3--- index.php   (wersja 4607) 
     4+++ index.php   (kopia robocza) 
     5@@ -75,7 +75,7 @@ 
     6  
     7 // try to log in 
     8 if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { 
     9-  $request_valid = $_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login'); 
     10+  $request_valid = empty($RCMAIL->user->ID) || ($_SESSION['temp'] && $RCMAIL->check_request(RCUBE_INPUT_POST, 'login')); 
     11  
     12   // purge the session in case of new login when a session already exists  
     13   $RCMAIL->kill_session(); 
     14 
     15}}} 
     16I think token check is not needed when user is not logged in.