Diffstat (limited to 'plugins/zipdownload')
-rw-r--r-- | plugins/zipdownload/zipdownload.js | 2 | ||||
-rw-r--r-- | plugins/zipdownload/zipdownload.php | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/plugins/zipdownload/zipdownload.js b/plugins/zipdownload/zipdownload.js
index 228b04f8f..6f918d298 100644
--- a/plugins/zipdownload/zipdownload.js
+++ b/plugins/zipdownload/zipdownload.js
@@ -54,7 +54,7 @@ function rcmail_zipdownload(mode)
 // default .eml download of single message
 if (mode == 'eml') {
 var uid = rcmail.get_single_uid();
- rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}));
+ rcmail.goto_url('viewsource', rcmail.params_from_uid(uid, {_save: 1}), false, true);
 return;
 }
diff --git a/plugins/zipdownload/zipdownload.php b/plugins/zipdownload/zipdownload.php
index 2928f4978..241de5489 100644
--- a/plugins/zipdownload/zipdownload.php
+++ b/plugins/zipdownload/zipdownload.php
@@ -63,7 +63,7 @@ class zipdownload extends rcube_plugin
 '_action' => 'plugin.zipdownload.attachments',
 '_mbox' => $rcmail->output->env['mailbox'],
 '_uid' => $rcmail->output->env['uid'],
- ));
+ ), false, false, true);
 $link = html::a(array('href' => $href, 'class' => 'button zipdownload'),
 rcube::Q($this->gettext('downloadall'))
@@ -120,6 +120,10 @@ class zipdownload extends rcube_plugin
 public function download_attachments()
 {
 $rcmail = rcmail::get_instance();
+
+ // require CSRF protected request
+ $rcmail->request_security_check(rcube_utils::INPUT_GET);
+
 $imap = $rcmail->get_storage();
 $temp_dir = $rcmail->config->get('temp_dir');
 $tmpfname = tempnam($temp_dir, 'zipdownload'); |
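Review bot: The two new positional arguments in `rcmail.goto_url('viewsource', ..., false, true)` do not say what they switch on, and the same holds for `), false, false, true);` in the first zipdownload.php hunk. Presumably the trailing `true` asks for a URL that carries the request token; a short comment above each call, such as `// last argument: build a token-protected URL`, would make that clear and keep a later edit from dropping the flag unnoticed. The 'viewsource' handler is outside this view (the diffstat is limited to plugins/zipdownload), so whether it rejects a `_save=1` request without the token cannot be confirmed here. rcmail_zipdownload() starts and ends outside the hunk.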
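Review bot: With the trailing `true`, the `$href` placed in the `html::a(...)` link presumably carries the request token, so the token now travels in a GET URL and can end up in web-server access logs, proxy logs and browser history. It is worth confirming that the token is bound to the session and worthless after logout, and that those logs are treated as sensitive. A comment above the `$rcmail->url(...)` call, such as `// link embeds the session's request token; the download handler rejects requests without it`, would record the coupling with download_attachments(). The enclosing method starts and ends outside the hunk.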
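Review bot: The added `$rcmail->request_security_check(rcube_utils::INPUT_GET);` call in download_attachments() discards any result, so the handler is protected only if that method itself ends the request when the token is missing or wrong. That is not visible in this hunk; once confirmed, the comment could say so, e.g. `// require CSRF protected request (aborts the request on failure)`. The check sits before `tempnam()`, which is the right order, since a rejected request then leaves no temp file behind. Only this handler gains the check in the lines shown, so any other download action this plugin registers that is reachable by GET would need the same call. The function body continues past the end of the hunk.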