From de62f02eed97d533ab9cf187c80125297e025065 Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Tue, 8 Feb 2011 08:19:18 +0000
Subject: Also check referer on logout action

---
 index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'index.php')

diff --git a/index.php b/index.php
index f50cf2bb3..1b1522683 100644
--- a/index.php
+++ b/index.php
@@ -133,8 +133,8 @@ if ($RCMAIL->task == 'login' && $RCMAIL->action == 'login') {
   }
 }
 
-// end session
-else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])) {
+// end session (after optional referer check)
+else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id']) && (!$RCMAIL->config->get('referer_check') || rcube_check_referer())) {
   $userdata = array('user' => $_SESSION['username'], 'host' => $_SESSION['imap_host'], 'lang' => $RCMAIL->user->language);
   $OUTPUT->show_message('loggedout');
   $RCMAIL->logout_actions();
-- 
cgit v1.2.3