author | Aleksander Machniak <alec@alec.pl> | 2014-12-15 13:47:55 +0100 |
---|---|---|
committer | Aleksander Machniak <alec@alec.pl> | 2014-12-15 13:47:55 +0100 |
commit | 376cbfd4f2dfcf455717409b70d9d056cbeb08b1 (patch) | |
tree | 9258578b88810e0cef8e483bd2df30c9e044960d /index.php | |
parent | 753c8849accbbe0cb3ebef01e8b3e2ff3481a336 (diff) |
Fix bugs where CSRF attacks were still possible on some requests
Diffstat (limited to 'index.php')
-rw-r--r-- | index.php | 1 |
1 files changed, 1 insertions, 0 deletions
@@ -172,6 +172,7 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') { // end session (after optional referer check) else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) + && $RCMAIL->check_request(rcube_utils::INPUT_GET) && (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer()) ) { $userdata = array( |
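Review bot: The added `check_request(rcube_utils::INPUT_GET)` condition reads the request token from the query string, so every logout link carries the session's CSRF token in its URL, where it can end up in browser history, server or proxy logs and Referer headers. If that token is the same one that guards other requests in the session (not visible in this hunk), sending logout by POST and checking it with `&& $RCMAIL->check_request(rcube_utils::INPUT_POST)` would keep it out of URLs. When the check fails the branch is simply skipped, and what the request falls through to lies outside the hunk, so it is worth confirming that a rejected logout is logged or reported rather than silently ignored. The comment above the branch is now incomplete and could read `// end session (after request token check and optional referer check)`.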