Protect log out actions against CSRF. Props markjaquith and ionfish. Fixes #7790.

git-svn-id: http://svn.automattic.com/wordpress/trunk@9025 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
westi
2008-09-28 21:05:37 +00:00
parent 3a0c8ef52c
commit f419d59754
8 changed files with 48 additions and 8 deletions

View File

@@ -272,7 +272,7 @@ $http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
switch ($action) {
case 'logout' :
check_admin_referer('log-out');
wp_logout();
$redirect_to = 'wp-login.php?loggedout=true';