diff -r a78b0798a116 -r 7e6537fd4730 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Tue Nov 16 12:44:22 2010 -0500 +++ b/plugins/SpecialUserFuncs.php Tue Jul 12 22:13:37 2011 -0400 @@ -143,7 +143,7 @@ } if ( $p = $paths->getAllParams() ) { - echo ''; + echo ''; } else if ( isset($_POST['login']) && isset($_POST['return_to']) ) { @@ -290,7 +290,7 @@ if(isset($_POST['return_to'])) { $name = ( isset($paths->pages[$_POST['return_to']]['name']) ) ? $paths->pages[$_POST['return_to']]['name'] : $_POST['return_to']; - redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . $name . '...' ); + redirect( makeUrl($_POST['return_to'], false, true), 'Login successful', 'You have successfully logged into the '.getConfig('site_name').' site as "'.$session->username.'". Redirecting to ' . htmlspecialchars($name) . '...' ); } else { @@ -326,11 +326,17 @@ global $db, $session, $paths, $template, $plugins; // Common objects if ( !$session->user_logged_in ) $paths->main_page(); + + $token = $paths->getParam(0); + if ( $token !== $session->csrf_token ) + csrf_request_confirm(); + + $target_page = ($p = $paths->getParam(1)) ? $p : getConfig('main_page'); $l = $session->logout(); if ( $l == 'success' ) { - redirect(makeUrl(getConfig('main_page'), false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); + redirect(makeUrl($target_page, false, true), 'Logged out', 'You have been successfully logged out, and all cookies have been cleared. You will now be transferred to the main page.', 4); } $template->header(); echo '
'.$l.'
';