diff -r a78b0798a116 -r 7e6537fd4730 plugins/SpecialUserFuncs.php
--- a/plugins/SpecialUserFuncs.php Tue Nov 16 12:44:22 2010 -0500
+++ b/plugins/SpecialUserFuncs.php Tue Jul 12 22:13:37 2011 -0400
@@ -143,7 +143,7 @@
}
if ( $p = $paths->getAllParams() )
{
- echo '';
+ echo '';
}
else if ( isset($_POST['login']) && isset($_POST['return_to']) )
{
@@ -290,7 +290,7 @@
if(isset($_POST['return_to']))
{
$name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to'];
- redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' );
+ redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . htmlspecialchars($name) . '...' );
}
else
{
@@ -326,11 +326,17 @@
global $db, $session, $paths, $template, $plugins; // Common objects
if ( !$session->user_logged_in )
$paths->main_page();
+
+ $token = $paths->getParam(0);
+ if ( $token !== $session->csrf_token )
+ csrf_request_confirm();
+
+ $target_page = ($p = $paths->getParam(1)) ? $p : getConfig('main_page');
$l = $session->logout();
if ( $l == 'success' )
{
- redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
+ redirect(makeUrl($target_page, false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4);
}
$template->header();
echo '