-rw-r--r--core/templates/login.php3
-rw-r--r--lib/base.php10
-rw-r--r--lib/private/user.php2
3 files changed, 14 insertions, 1 deletions
diff --git a/core/templates/login.php b/core/templates/login.php
index 669d20b32e4..0f25f853b02 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,3 +1,5 @@
+<?php /** @var $l OC_L10N */ ?>
+
<!--[if IE 8]><style>input[type="checkbox"]{padding:0;}</style><![endif]-->
<form method="post" name="login">
<fieldset>
@@ -51,6 +53,7 @@
<label for="remember_login"><?php p($l->t('remember')); ?></label>
<?php endif; ?>
<input type="hidden" name="timezone-offset" id="timezone-offset"/>
+ <input type="hidden" name="requesttoken" value="<?php p($_['requesttoken']) ?>" />
<input type="submit" id="submit" class="login primary" value="<?php p($l->t('Log in')); ?>" disabled="disabled"/>
</fieldset>
</form>
diff --git a/lib/base.php b/lib/base.php
index 882b587a6fd..5f2131f388f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -765,11 +765,20 @@ class OC {
return;
}
+ // Redirect to index if the logout link is accessed without valid session
+ // this is needed to prevent "Token expired" messages while login if a session is expired
+ // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
+ if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
+ header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
+ return;
+ }
+
// Someone is logged in :
if (OC_User::isLoggedIn()) {
OC_App::loadApps();
OC_User::setupBackends();
if (isset($_GET["logout"]) and ($_GET["logout"])) {
+ OC_JSON::callCheck();
if (isset($_COOKIE['oc_token'])) {
OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
}
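Review bot: The `OC_JSON::callCheck();` added inside the `logout` branch guards a link the browser navigates to, and the same call is added to the path in the `@@ -930,6 +939,7 @@` hunk. callCheck is not shown here, but its class and the "Token expired" wording in the new comment suggest a failed check ends the request with a JSON error body rather than a page. If so, a user with a stale token sees raw JSON on logout or login; consider redirecting to the login page for these two HTML entry points and logging the rejection so repeated failures are visible. Separately, the new pre-check tests only `isset($_GET['logout'])` while the branch below also requires a truthy value; a comment such as `// any logout parameter, even empty, is redirected when no session exists` would record that the difference is intended. The enclosing method starts and ends outside the hunk.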
@@ -930,6 +939,7 @@ class OC {
return false;
}
+ OC_JSON::callCheck();
OC_App::loadApps();
//setup extra user backends
diff --git a/lib/private/user.php b/lib/private/user.php
index 5d3ebb57c8c..a8431af97fd 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -365,7 +365,7 @@ class OC_User {
return $backend->getLogoutAttribute();
}
- return 'href="' . link_to('', 'index.php') . '?logout=true"';
+ return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
}
/**
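Review bot: The request token is now placed in the query string of the logout link on the `+` line, so it ends up in browser history, web-server access logs and possibly a `Referer` header. If `OC_Util::callRegister()` returns the same token that protects other requests in the session (not visible here), that exposure reaches beyond logout. A POST form for logout, or a token scoped to logout only, would avoid it. The value is also concatenated into an HTML attribute unencoded; `'?logout=true&amp;requesttoken=' . urlencode(OC_Util::callRegister()) . '"'` keeps the attribute well-formed whatever characters the token contains. The enclosing method starts outside the hunk.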