author | Steve Beaver <sbeaver@netgate.com> | 2017-02-10 17:07:48 -0500 |
---|---|---|
committer | Steve Beaver <sbeaver@netgate.com> | 2017-02-10 17:07:48 -0500 |
commit | ce437697cdd7e85c6e604f3bec821305600f7e39 (patch) | |
tree | fffbbe188c7a0650da511b26bb9a9454f8526a51 | |
parent | 4b72f68fd9fa2c33d34efafc23f31a374f1a6a5a (diff) | |
logout via POST
-rw-r--r-- | src/etc/inc/auth.inc | 6 | ||||
-rw-r--r-- | src/usr/local/www/head.inc | 6 |
2 files changed, 6 insertions, 6 deletions
diff --git a/src/etc/inc/auth.inc b/src/etc/inc/auth.inc
index 8522f37..c940705 100644
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -1779,7 +1779,7 @@ function session_auth() {
 if (!isset($config['system']['webgui']['session_timeout'])) {
 /* Default to 4 hour timeout if one is not set */
 if ($_SESSION['last_access'] < (time() - 14400)) {
- $_GET['logout'] = true;
+ $_POST['logout'] = true;
 $_SESSION['Logout'] = true;
 } else {
 $_SESSION['last_access'] = time();
@@ -1792,7 +1792,7 @@ function session_auth() {
 } else {
 /* Check for stale session */
 if ($_SESSION['last_access'] < (time() - ($config['system']['webgui']['session_timeout'] * 60))) {
- $_GET['logout'] = true;
+ $_POST['logout'] = true;
 $_SESSION['Logout'] = true;
 } else {
 /* only update if it wasn't ajax */
@@ -1803,7 +1803,7 @@ function session_auth() {
 }
 /* user hit the logout button */
- if (isset($_GET['logout'])) {
+ if (isset($_POST['logout'])) {
 if ($_SESSION['Logout']) {
 log_error(sprintf(gettext("Session timed out for user '%1\$s' from: %2\$s"), $_SESSION['Username'], $_SERVER['REMOTE_ADDR']));
diff --git a/src/usr/local/www/head.inc b/src/usr/local/www/head.inc
index d9464d5..a908a12 100644
--- a/src/usr/local/www/head.inc
+++ b/src/usr/local/www/head.inc
@@ -207,7 +207,7 @@ function output_menu($arrayitem, $target = null, $section = "") {
 if ($item[0] == '-DIVIDER-') {
 $output .= ' <li class="divider"></li>';
 } else {
- $output .= "<li>". sprintf("<a %s>%s</a>", $attr, $item[0]) . "</li>\n";
+ $output .= "<li>". sprintf("<a %s %s>%s</a>", $attr, ($item[1] == "/index.php?logout") ? "usepost":"",$item[0]) . "</li>\n";
 }
 }
 }
@@ -505,7 +505,7 @@ if (are_notices_pending()) {
 endif;
 ?>
 <li class="dropdown">
- <a href="/index.php?logout">
+ <a href="/index.php?logout" usepost>
 <i class="fa fa-sign-out" title="<?=gettext("Logout") . " (" . $_SESSION['Username'] . "@" . htmlspecialchars($system_url) . ")"?>"></i>
 </a>
 </li>
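Review bot: Both timeout branches of session_auth() (the hunks at lines 1779 and 1792) signal an expired session by writing `$_POST['logout'] = true` into the request superglobal, so server-made state is mixed into what should be client-supplied data. A local flag keeps the request read-only and makes the two causes easy to tell apart: set `$session_expired = true;` in both branches and test `if ($session_expired || isset($_POST['logout'])) {` at the check. session_auth() starts and ends outside these hunks, so whether anything further down still reads `$_GET['logout']` cannot be confirmed from here.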
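Review bot: Once the check at line 1806 reads `isset($_POST['logout'])`, a plain GET of `/index.php?logout` is silently ignored, so any remaining link, bookmark or package page that uses the GET form leaves the session valid while the user believes they have logged out. This commit updates only the two links in head.inc, so the rest of the tree is worth searching for `?logout`. Whether this POST goes through the GUI's CSRF token validation is not visible here and should be confirmed, since that is what makes the move to POST effective against forced logout. The comment above the check could record the intent, for example `/* logout (button or session timeout) is accepted via POST only; GET ?logout is ignored */`.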
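Review bot: The `usepost` attribute added in output_menu() is not standard HTML and does nothing without a script; the anchor still carries `href="/index.php?logout"`, so if the script that turns `usepost` links into form submissions is not loaded, or JavaScript is disabled, the click sends a GET that session_auth() now ignores. That handler is not part of this commit, so it should be confirmed that it runs on every page that renders this menu. The URL is also hard-coded in two places (here and at line 508); a strict comparison, `($item[1] === "/index.php?logout")`, against one shared constant would keep them in step. output_menu() starts and ends outside the hunk.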
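Review bot: In the `title` attribute of the logout icon at line 509, `$_SESSION['Username']` is printed raw while `$system_url` beside it goes through `htmlspecialchars()`. Whether usernames are restricted to HTML-safe characters for every authentication backend is not visible here, so escaping both is the safer default: replace `$_SESSION['Username']` with `htmlspecialchars($_SESSION['Username'])`. The line is unchanged context in this hunk, but it sits directly under the edited link.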
@@ -524,7 +524,7 @@ if (are_notices_pending()) {
 unset($notitle);
 } else {
 if (isset($pglinks)) {
- print(genhtmltitle($pgtitle, $pglinks));
+ print(genhtmltitle($pgtitle, $pglinks));
 } else {
 print(genhtmltitle($pgtitle));
 } |