Last active
April 20, 2025 18:37
RoundCube mail - disable CSRF protection on login example
```php
<?php
/*
Install:
1) create a folder: disablecsrf inside 'plugins/' directory.
2) place this file there and name it: disablecsrf.php
3) go to config/config.inc.php, and add it to plugins, like:
   $config['plugins'] = array('disablecsrf');
CSRF should now be disabled for login.
*/

/**
 * Sample plugin to disable csrf for RoundCube mail (tested only on 1.0.3)
 *
 * @license MIT
 * @author [email protected]
 */
class disablecsrf extends rcube_plugin
{
    // Load this plugin only for the login task.
    public $task = 'login';

    function init()
    {
        // Run authenticate() whenever Roundcube processes a login attempt.
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    function authenticate($args)
    {
        // 'valid' carries the result of the request-token (CSRF) check;
        // forcing it to true accepts the login even when that check failed.
        $args['valid'] = true;
        return $args;
    }
}
```
Life saver.
Awesome fix. Still has its use. Thanks!
Does this still work?
Huglester, what does this thing do? Don't you think it would be wise to include a brief description in the comments?
This should not be used in production. Now other websites can log in for a particular user, potentially misleading them. There is a bug somewhere in Roundcube; this is a bad temporary workaround.
Thanks for the plugin!
It works with v1.0.0
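
The risk raised in the comments, that with the check disabled any website can submit the login form for a user, can be narrowed by overriding a failed token check only for allowlisted origins. The plugin below is an added example, not part of the gist or of Roundcube; the class name `trustedlogin`, the config key `trustedlogin_origins` and the sample origin are assumptions.

```php
<?php
/**
 * Added example (hypothetical plugin, save as plugins/trustedlogin/trustedlogin.php).
 * Assumed config entry, value constructed for illustration:
 *   $config['trustedlogin_origins'] = array('https://portal.example.org');
 */
class trustedlogin extends rcube_plugin
{
    public $task = 'login';

    function init()
    {
        $this->add_hook('authenticate', array($this, 'authenticate'));
    }

    function authenticate($args)
    {
        // Roundcube already accepted the request token: leave the result alone.
        if (!empty($args['valid'])) {
            return $args;
        }
        $trusted = (array) rcmail::get_instance()->config->get('trustedlogin_origins', array());
        $origin  = self::request_origin($_SERVER);
        // Override the failed check only for an exact match on the allowlist.
        // A missing or unparsable Origin/Referer keeps the login rejected.
        if ($origin !== null && in_array($origin, $trusted, true)) {
            $args['valid'] = true;
        }
        return $args;
    }

    // Returns "scheme://host[:port]" taken from Origin, else Referer; null if unusable.
    static function request_origin(array $server)
    {
        $raw = !empty($server['HTTP_ORIGIN']) ? $server['HTTP_ORIGIN']
             : (!empty($server['HTTP_REFERER']) ? $server['HTTP_REFERER'] : '');
        $p = parse_url($raw);
        if (!$p || empty($p['scheme']) || empty($p['host'])) {
            return null; // also covers the literal "null" origin browsers may send
        }
        $origin = strtolower($p['scheme'] . '://' . $p['host']);
        return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
    }
}
```

A browser sets Origin and Referer itself on a cross-site form post, so a page on another site cannot claim an allowlisted origin; requests that omit both headers fall back to Roundcube's normal token check.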