Protect log out actions against CSRF. Props markjaquith and ionfish. Fixes #7790.
git-svn-id: http://svn.automattic.com/wordpress/trunk@9025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
@@ -272,7 +272,7 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
|
||||
switch ($action) {
|
||||
|
||||
case 'logout' :
|
||||
|
||||
check_admin_referer('log-out');
|
||||
wp_logout();
|
||||
|
||||
$redirect_to = 'wp-login.php?loggedout=true';
|
||||
|
||||
Reference in New Issue
Block a user