/*
+-------------------------------------------------------------------------+
| Roundcube Webmail IMAP Client |
- | Version 0.6 |
+ | Version 0.7.2 |
| |
- | Copyright (C) 2005-2011, The Roundcube Dev Team |
+ | Copyright (C) 2005-2012, The Roundcube Dev Team |
| |
| This program is free software; you can redistribute it and/or modify |
| it under the terms of the GNU General Public License version 2 |
| Author: Thomas Bruederli <roundcube@gmail.com> |
+-------------------------------------------------------------------------+
- $Id: index.php 5292 2011-09-28 19:16:41Z thomasb $
+ $Id: index.php 5995 2012-03-11 16:22:50Z thomasb $
*/
// init application, start session, init output class, etc.
$RCMAIL = rcmail::get_instance();
+// Make the whole PHP output non-cacheable (#1487797)
+send_nocacheing_headers();
+
// turn on output buffering
ob_start();
)
);
}
-
+
if ($session_error || $_REQUEST['_err'] == 'session')
$OUTPUT->show_message('sessionerror', 'error', null, true, -1);
// check client X-header to verify request origin
if ($OUTPUT->ajax_call) {
if (rc_request_header('X-Roundcube-Request') != $RCMAIL->get_request_token() && !$RCMAIL->config->get('devel_mode')) {
- header('HTTP/1.1 404 Not Found');
+ header('HTTP/1.1 403 Forbidden');
die("Invalid Request");
}
}
}
}
+// we're ready, user is authenticated and the request is safe
+$plugin = $RCMAIL->plugins->exec_hook('ready', array('task' => $RCMAIL->task, 'action' => $RCMAIL->action));
+$RCMAIL->set_task($plugin['task']);
+$RCMAIL->action = $plugin['action'];
+
+
// handle special actions
if ($RCMAIL->action == 'keep-alive') {
$OUTPUT->reset();
projects / roundcube.git / blobdiff