diff options
| -rw-r--r-- | modules/gallery/controllers/logout.php | 1 | ||||
| -rw-r--r-- | modules/gallery/helpers/gallery_event.php | 10 |
2 files changed, 6 insertions, 5 deletions
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php index fe9c48ba..bfcf0f9e 100644 --- a/modules/gallery/controllers/logout.php +++ b/modules/gallery/controllers/logout.php @@ -19,6 +19,7 @@ */ class Logout_Controller extends Controller { public function index() { + access::verify_csrf(); auth::logout(); if ($continue_url = Input::instance()->get("continue")) { $item = url::get_item_from_uri($continue_url); diff --git a/modules/gallery/helpers/gallery_event.php b/modules/gallery/helpers/gallery_event.php index 5565850d..679d65c2 100644 --- a/modules/gallery/helpers/gallery_event.php +++ b/modules/gallery/helpers/gallery_event.php @@ -117,11 +117,11 @@ class gallery_event_Core { ->url(url::site("form/edit/users/{$user->id}")) ->label($user->display_name())); $menu->append(Menu::factory("link") - ->id("user_menu_logout") - ->css_id("g-logout-link") - ->url(url::site("logout?csrf=$csrf&continue=" . - urlencode($item->url()))) - ->label(t("Logout"))); + ->id("user_menu_logout") + ->css_id("g-logout-link") + ->url(url::site("logout?csrf=$csrf&continue=" . + urlencode(url::abs_current()))) + ->label(t("Logout"))); } } } |