From 376cbfd4f2dfcf455717409b70d9d056cbeb08b1 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak <alec@alec.pl>
Date: Mon, 15 Dec 2014 07:47:55 -0500
Subject: [PATCH] Fix bugs where CSRF attacks were still possible on some requests

---
 index.php |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/index.php b/index.php
index 082f11e..a3f54bb 100644
--- a/index.php
+++ b/index.php
@@ -172,6 +172,7 @@
 
 // end session (after optional referer check)
 else if ($RCMAIL->task == 'logout' && isset($_SESSION['user_id'])
+    && $RCMAIL->check_request(rcube_utils::INPUT_GET)
     && (!$RCMAIL->config->get('referer_check') || rcube_utils::check_referer())
 ) {
     $userdata = array(
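Review bot: The comment above this `else if` still reads "end session (after optional referer check)", but the condition now also requires a valid request token, so it should be updated, e.g. `// end session (after request token check and optional referer check)`. Because the token is read with `rcube_utils::INPUT_GET`, it travels in the logout URL, where it can end up in server logs, browser history and Referer headers. It is worth confirming that the token is bound to the session and that exposing it this way is acceptable for the other requests it protects. When `check_request()` fails, the chain falls through to the branches after this one, which lie outside the hunk, so it is not visible here whether a rejected logout is logged or reported to the user; a log entry for the rejected attempt would help detection. The body of the `else if` also continues past the end of the hunk.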

--
Gitblit v1.9.1