Bug #7669: On invalid token during logout, redirect to initial page

diff --git a/horde/docs/CHANGES b/horde/docs/CHANGES
index 3e120fd..8f713c9 100644 (file)
--- a/horde/docs/CHANGES
+++ b/horde/docs/CHANGES
@@ -45,7 +45,8 @@ v4.0-cvs
 v3.3.9-cvs
 ----------
 
-[mjr] Don't allow fixed blocks to be changed to another type (Bug: 9141).
+[mms] On invalid token during logout, redirect to initial page (Bug #7669).
+[mjr] Don't allow fixed blocks to be changed to another type (Bug #9141).
 [jan] Show future alarms in the alarm management screen too.
 [mjr] Fix bug in Horde_Cache that would prevent cache entries from being
       expired in certain cases, and prevent cache key collisions.

diff --git a/horde/login.php b/horde/login.php
index c9eb7f4..7800d6a 100644 (file)
--- a/horde/login.php
+++ b/horde/login.php
@@ -145,7 +145,13 @@ if ($vars->url) {
 $error_reason = $vars->logout_reason;
 if ($error_reason) {
     if ($is_auth) {
-        Horde::checkRequestToken('horde.logout', $vars->horde_logout_token);
+        try {
+            Horde::checkRequestToken('horde.logout', $vars->horde_logout_token);
+        } catch (Horde_Exception $e) {
+            $notification->push($e, 'horde.error');
+            require HORDE_BASE . '/index.php';
+            exit;
+        }
         $is_auth = null;
     }