summaryrefslogtreecommitdiff
path: root/index.php
diff options
context:
space:
mode:
authorthomascube <thomas@roundcube.net>2011-08-24 08:39:23 +0000
committerthomascube <thomas@roundcube.net>2011-08-24 08:39:23 +0000
commit886aafe167bde8b11ea923111d96636394983ffa (patch)
tree3ac29325f15a80f9fc05f19ee7dce0347e8c95e9 /index.php
parent0c7fe2fd97ecd1289a07a30bba728b304dc99bd2 (diff)
Don't rely on rcmail->task for session error check; use _REQUEST data instead
Diffstat (limited to 'index.php')
-rw-r--r--index.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/index.php b/index.php
index 001e6f5c9..e5a5ee0aa 100644
--- a/index.php
+++ b/index.php
@@ -155,7 +155,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
// not logged in -> show login page
if (empty($RCMAIL->user->ID)) {
// log session failures
- if ($RCMAIL->task != 'login' && $RCMAIL->task != 'logout' && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
+ if (!in_array(get_input_value('_task', RCUBE_INPUT_GPC), array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
$RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
$session_error = true;
}