From 886aafe167bde8b11ea923111d96636394983ffa Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Wed, 24 Aug 2011 08:39:23 +0000
Subject: Don't rely on rcmail->task for session error check; use _REQUEST data
 instead

---
 index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index 001e6f5c9..e5a5ee0aa 100644
--- a/index.php
+++ b/index.php
@@ -155,7 +155,7 @@ else if ($RCMAIL->task != 'login' && $_SESSION['user_id'] && $RCMAIL->action !=
 // not logged in -> show login page
 if (empty($RCMAIL->user->ID)) {
   // log session failures
-  if ($RCMAIL->task != 'login' && $RCMAIL->task != 'logout' && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
+  if (!in_array(get_input_value('_task', RCUBE_INPUT_GPC), array('login','logout')) && !$session_error && ($sess_id = $_COOKIE[ini_get('session.name')])) {
     $RCMAIL->session->log("Aborted session " . $sess_id . "; no valid session data found");
     $session_error = true;
   }
-- 
cgit v1.2.3