Also check referer on logout action

author: thomascube <thomas@roundcube.net> 2011-02-08 08:19:18 +0000
committer: thomascube <thomas@roundcube.net> 2011-02-08 08:19:18 +0000
commit: de62f02eed97d533ab9cf187c80125297e025065 (patch)
tree: 1defeff31a0d7612ea7f9fc1cb7a393c13b31d31
parent: a77cf2292b1b5e010172b572f618aef78795456b (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/index.php b/index.php
index f50cf2bb3..1b1522683 100644
--- a/index.php
+++ b/index.php
@@ -133,8 +133,8 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
   }
 }
 
-// end session
-else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
+// end session (after optional referer check)
+else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) {
   $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
   $OUTPUT->show_message('loggedout');
   $RCMAIL->logout_actions();
author	thomascube <thomas@roundcube.net>	2011-02-08 08:19:18 +0000
committer	thomascube <thomas@roundcube.net>	2011-02-08 08:19:18 +0000
commit	de62f02eed97d533ab9cf187c80125297e025065 (patch)
tree	1defeff31a0d7612ea7f9fc1cb7a393c13b31d31
parent	a77cf2292b1b5e010172b572f618aef78795456b (diff)