From cc670e1ba1a9ec3870e091734458b22f4a63cf56 Mon Sep 17 00:00:00 2001
From: Michael Klier <chi@chimeric.de>
Date: Tue, 4 Sep 2007 20:53:55 +0200
Subject: send security token on login/logout

darcs-hash:20070904185355-23886-e5cbed2357a2697a593409ed0a31f044423db2e1.gz
---
 inc/template.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/inc/template.php b/inc/template.php
index 463a2e0ce..10719c08c 100644
--- a/inc/template.php
+++ b/inc/template.php
@@ -497,9 +497,9 @@ function tpl_button($type){
     case 'login':
       if($conf['useacl'] && $auth){
         if($_SERVER['REMOTE_USER']){
-          print html_btn('logout',$ID,'',array('do' => 'logout',));
+          print html_btn('logout',$ID,'',array('do' => 'logout', 'sectok' => getSecurityToken()));
         }else{
-          print html_btn('login',$ID,'',array('do' => 'login'));
+          print html_btn('login',$ID,'',array('do' => 'login', 'sectok' => getSecurityToken()));
         }
         return true;
       }
@@ -635,11 +635,11 @@ function tpl_actionlink($type,$pre='',$suf='',$inner=''){
     case 'login':
       if($conf['useacl'] && $auth){
         if($_SERVER['REMOTE_USER']){
-          tpl_link(wl($ID,'do=logout'),
+          tpl_link(wl($ID,'do=logout&amp;sectok='.getSecurityToken()),
                    $pre.(($inner)?$inner:$lang['btn_logout']).$suf,
                    'class="action logout" rel="nofollow"');
         }else{
-          tpl_link(wl($ID,'do=login'),
+          tpl_link(wl($ID,'do=login&amp;sectok='.getSecurityToken()),
                    $pre.(($inner)?$inner:$lang['btn_login']).$suf,
                    'class="action login" rel="nofollow"');
         }
-- 
cgit v1.2.3