From 784a425e07f8b249b44137eadfe2a5dfe436aaeb Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 3 Feb 2011 22:08:03 +0000
Subject: protect login form submission from CSRF using a request token

---
 program/include/rcube_session.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'program')

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 7384af39c..2bd663c83 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -253,6 +253,7 @@ class rcube_session
    */
   public function kill()
   {
+    $this->vars = false;
     $this->destroy(session_id());
     rcmail::setcookie($this->cookiename, '-del-', time() - 60);
   }
-- 
cgit v1.2.3