-rw-r--r-- | core/templates/login.php | 3 | ||||
-rw-r--r-- | lib/base.php | 10 | ||||
-rw-r--r-- | lib/private/user.php | 2 |
3 files changed, 14 insertions, 1 deletions
diff --git a/core/templates/login.php b/core/templates/login.php
index 669d20b32e4..0f25f853b02 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,3 +1,5 @@
+<?php /** @var $l OC_L10N */ ?>
+
 <!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
 <form method="post" name="login">
 <fieldset>
@@ -51,6 +53,7 @@
 <label for="remember_login"><?php p($l->t('remember')); ?></label>
 <?php endif; ?>
 <input type="hidden" name="timezone-offset" id="timezone-offset"/>
+ <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
 <input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>" disabled="disabled"/>
 </fieldset>
 </form>
diff --git a/lib/base.php b/lib/base.php
index 882b587a6fd..5f2131f388f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -765,11 +765,20 @@ class OC {
 return;
 }
+ // Redirect to index if the logout link is accessed without valid session
+ // this is needed to prevent "Token expired" messages while login if a session is expired
+ // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
+ if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
+ header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
+ return;
+ }
+
 // Someone is logged in :
 if (OC_User::isLoggedIn()) {
 OC_App::loadApps();
 OC_User::setupBackends();
 if (isset($_GET["logout"]) and ($_GET["logout"])) {
+ OC_JSON::callCheck();
 if (isset($_COOKIE['oc_token'])) {
 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
 }
@@ -930,6 +939,7 @@ class OC {
 return false;
 }
+ OC_JSON::callCheck();
 OC_App::loadApps();
 //setup extra user backends
diff --git a/lib/private/user.php b/lib/private/user.php
index 5d3ebb57c8c..a8431af97fd 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
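Review bot: In lib/base.php the `OC_JSON::callCheck();` added inside the `$_GET["logout"]` branch makes logout depend on a still-valid request token, and what a failed check does is not visible in this hunk; the helper's name and the "Token expired" remark in the new comment suggest it ends the request with an error. If so, a logged-in user whose page has outlived the token clicks logout, sees an error, and the session and the `oc_token` login token both stay live, which matters on a shared machine. Consider handling a failed check on this path with the same redirect the new no-session guard uses (or a confirm-logout page) rather than aborting, for example by testing `OC_Util::isCallRegistered()` before the call. The second added `OC_JSON::callCheck();` (hunk at -930, after `return false; }`) appears to answer an HTML form post and deserves the same look at its failure output. Both enclosing functions start and end outside the hunks.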
@@ -365,7 +365,7 @@ class OC_User {
 return $backend->getLogoutAttribute();
 }
- return 'href="' . link_to('', 'index.php') . '?logout=true"';
+ return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
 }
 /** |
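Review bot: The new logout link puts the request token in the query string (`?logout=true&requesttoken=...`), so it lands in browser history and in proxy and web-server access logs, and can leave the site in a Referer header. If, as the shared `callRegister()`/`callCheck()` pair suggests, the same token also authorises other state-changing requests, the exposure is wider than logout alone. A small POST form with the token in a hidden field, as login.php does in this commit, keeps it out of URLs; a token scoped to logout only would also limit the damage. If the link form stays, encode the value for its URL context, `'?logout=true&requesttoken=' . urlencode(OC_Util::callRegister()) . '"'`, and confirm how the caller escapes this attribute string. The enclosing function starts outside the hunk.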