From 784a425e07f8b249b44137eadfe2a5dfe436aaeb Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 03 Feb 2011 17:08:03 -0500
Subject: [PATCH] protect login form submission from CSRF using a request token

---
 program/include/rcube_session.php |    1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diff --git a/program/include/rcube_session.php b/program/include/rcube_session.php
index 7384af3..2bd663c 100644
--- a/program/include/rcube_session.php
+++ b/program/include/rcube_session.php
@@ -253,6 +253,7 @@
    */
   public function kill()
   {
+    $this->vars = false;
     $this->destroy(session_id());
     rcmail::setcookie($this->cookiename, '-del-', time() - 60);
   }

--
Gitblit v1.9.1