From 6b8a52d3287a8ead8be26070b354e672e9e1c0fd Mon Sep 17 00:00:00 2001
From: Bharat Mediratta
Date: Mon, 4 Jan 2010 21:37:51 -0800
Subject: Fix the logout link to send you back to the current url. The old approach depended on having an $item, which is not the case on all pages (eg: tag pages). Also, check the CSRF in the logout controller, else you can use the logout link as a blind forwarder.
---
 modules/gallery/controllers/logout.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'modules/gallery/controllers/logout.php')
diff --git a/modules/gallery/controllers/logout.php b/modules/gallery/controllers/logout.php
index fe9c48ba..bfcf0f9e 100644
--- a/modules/gallery/controllers/logout.php
+++ b/modules/gallery/controllers/logout.php
@@ -19,6 +19,7 @@
 */
 class Logout_Controller extends Controller {
 public function index() {
+ access::verify_csrf();
 auth::logout();
 if ($continue_url = Input::instance()->get("continue")) {
 $item = url::get_item_from_uri($continue_url);
-- cgit v1.2.3
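Review bot: The added `access::verify_csrf();` at the top of `index()` is the only visible guard between the caller-supplied `continue` parameter and the redirect, and nothing in these lines constrains `continue` to a same-site URL. Because the handler reads `Input::instance()->get("continue")`, logout is reached by GET, so the token presumably travels in the query string, where it can end up in Referer headers, browser history and access logs. Consider making logout a POST, or at least checking `continue` against the site's own base URL before redirecting. A one-line comment above the check would also record its purpose, e.g. `// CSRF check: prevents forced logout and use of ?continue= as a blind forwarder`. The rest of `index()`, including the redirect itself, lies outside this hunk, so such validation may already exist there.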