From a140422a156d3c95d517f7041cf40fba1147d6ad Mon Sep 17 00:00:00 2001
From: kink
Date: Sat, 14 Jul 2007 17:07:23 +0000
Subject: [PATCH] Fix test for signout.php in the logged in check in init.php so it cannot be circumvented by manipulating the URL. External plugins migh rely on init.php guarranteeing that the user is logged in. Thanks Stefan Esser for finding this.
git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@12528 7612ce4b-ef26-0410-bec9-ea0150e637f0
---
 ChangeLog | 7 +++++--
 include/init.php | 4 ++--
 src/signout.php | 3 +++
 3 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0127e344..28532427 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -201,9 +201,12 @@ Version 1.5.2 - SVN images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon for reporting these issues. [CVE-2007-1262] - Fix busy loop and notice when two literals in IMAP fetch (#1739433). - - Resolved issue with compose session not being updated after send/safe. + - Resolved issue with compose session not being updated after send/save. - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(), - thanks to Daniel Watts + thanks to Daniel Watts. + - Fix test for signout.php in the logged in check in init.php so it cannot be circumvented by manipulating the URL. External plugins migh rely on init.php guarranteeing that the user is logged in. Version 1.5.1 (branched on 2006-02-12) --------------------------------------
diff --git a/include/init.php b/include/init.php
index a06084b5..916bbcc9 100644
--- a/include/init.php
+++ b/include/init.php
@@ -417,8 +417,8 @@ switch ($sInitLocation) {
 // signout page will deal with users who aren't logged
 // in on its own; don't show error here
 //
- if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
- return;
+ if ( defined('PAGE_SIGNOUT') ) {
+ return;
 }
 
 /**
diff --git a/src/signout.php b/src/signout.php
index 37e5a2d6..606a050a 100644
--- a/src/signout.php
+++ b/src/signout.php
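Review bot: The new `defined('PAGE_SIGNOUT')` guard in the init.php hunk depends on an ordering contract that nothing in the hunk records: the comment above it still describes the page as if it were recognised by its URL. I would extend that comment, e.g. `// src/signout.php defines PAGE_SIGNOUT before including this file; we key off that constant, not $PHP_SELF, which the client controls`. It is also worth a sentence for plugin authors that the constant is part of the trust boundary of server-side code, so it should only ever be defined by the signout page itself. Minor style point: `if ( defined('PAGE_SIGNOUT') )` carries inner spaces unlike the surrounding `if (...)` lines. The enclosing `switch ($sInitLocation)` begins before the hunk.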
@@ -11,6 +11,9 @@
 * @package squirrelmail
 */
 
+/** This is the signout page */
+define('PAGE_SIGNOUT', 1);
+
 /**
 * Include the SquirrelMail initialization file.
 */
--
2.25.1
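Review bot: The docblock on `define('PAGE_SIGNOUT', 1);` says what the file is but not why the constant exists or that it has to precede the include of init.php, which is the whole point of the commit. I would replace it with `/** Marks this as the signout page: the logged-in check in include/init.php keys off this constant, so it must be defined before init.php is included. */`. Because it is a bare `define`, including signout.php a second time in one request would presumably raise PHP's already-defined notice; if that can happen, a `defined()` guard or a note that the file is included once would settle it. The file header docblock this hunk sits in starts before the hunk.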