author | Bharat Mediratta <bharat@menalto.com> | 2010-01-04 21:37:51 -0800 |
---|---|---|
committer | Bharat Mediratta <bharat@menalto.com> | 2010-01-04 21:37:51 -0800 |
commit | 6b8a52d3287a8ead8be26070b354e672e9e1c0fd (patch) | |
tree | a533f941d9a10aaacd3f68b5acef67206325421b /modules/gallery/controllers/logout.php | |
parent | bfcd4efe9282bc7cbaea13dd68b507c2f142f18f (diff) |
Fix the logout link to send you back to the current url. The old
approach depended on having an $item, which is not the case on all
pages (eg: tag pages). Also, check the CSRF in the logout controller,
else you can use the logout link as a blind forwarder.
Diffstat (limited to 'modules/gallery/controllers/logout.php')
-rw-r--r-- | modules/gallery/controllers/logout.php | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index fe9c48ba..bfcf0f9e 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -19,6 +19,7 @@
 */
 class Logout_Controller extends Controller {
 public function index() {
+ access::verify_csrf();
 auth::logout();
 if ($continue_url = Input::instance()->get("continue")) {
 $item = url::get_item_from_uri($continue_url); |
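Review bot: The `continue` value read right after the added `access::verify_csrf()` call in `index()` still comes straight from the query string, so the CSRF check limits who can trigger the redirect but does not constrain where it goes. The rest of `index()` lies outside this hunk; if it redirects to `$continue_url` when `url::get_item_from_uri()` finds no item, the target should also be confirmed to be a path on this site before redirecting. Since logout is driven by a link, the token presumably travels in the URL and can end up in server logs and Referer headers, which is worth keeping in mind where the link is built. A short comment on the new line would record the intent, e.g. `// Require a valid CSRF token so the "continue" redirect cannot be triggered from a third-party link.`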