Fix the logout link to send you back to the current url. The old

approach depended on having an $item, which is not the case on all pages (eg: tag pages). Also, check the CSRF in the logout controller, else you can use the logout link as a blind forwarder.
author: Bharat Mediratta <bharat@menalto.com> 2010-01-04 21:37:51 -0800
committer: Bharat Mediratta <bharat@menalto.com> 2010-01-04 21:37:51 -0800
commit: 6b8a52d3287a8ead8be26070b354e672e9e1c0fd (patch)
tree: a533f941d9a10aaacd3f68b5acef67206325421b /modules/gallery/helpers
parent: bfcd4efe9282bc7cbaea13dd68b507c2f142f18f (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php
index 5565850d..679d65c2 100644
--- a/modules/gallery/helpers/gallery_event.php
+++ b/modules/gallery/helpers/gallery_event.php
@@ -117,11 +117,11 @@ class gallery_event_Core {
                       ->url(url::site("form/edit/users/{$user->id}"))
                       ->label($user->display_name()));
         $menu->append(Menu::factory("link")
-                    ->id("user_menu_logout")
-                    ->css_id("g-logout-link")
-                    ->url(url::site("logout?csrf=$csrf&amp;continue=" .
-                                    urlencode($item->url())))
-                    ->label(t("Logout")));
+                      ->id("user_menu_logout")
+                      ->css_id("g-logout-link")
+                      ->url(url::site("logout?csrf=$csrf&amp;continue=" .
+                                      urlencode(url::abs_current())))
+                      ->label(t("Logout")));
       }
     }
   }
author	Bharat Mediratta <bharat@menalto.com>	2010-01-04 21:37:51 -0800
committer	Bharat Mediratta <bharat@menalto.com>	2010-01-04 21:37:51 -0800
commit	6b8a52d3287a8ead8be26070b354e672e9e1c0fd (patch)
tree	a533f941d9a10aaacd3f68b5acef67206325421b /modules/gallery/helpers
parent	bfcd4efe9282bc7cbaea13dd68b507c2f142f18f (diff)