From 73b914ddbc4389a25e45e28b5fe23592d0b09a94 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sun, 4 May 2014 13:56:21 +0200
Subject: [PATCH 1/2] Add CSRF check on login and logout
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
---
 core/templates/login.php | 3 +++
 lib/base.php | 2 ++
 lib/private/user.php | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/core/templates/login.php b/core/templates/login.php
index 65f760c1ee8..a7e93a499b5 100644
--- a/core/templates/login.php
+++ b/core/templates/login.php
@@ -1,3 +1,5 @@
+ +
@@ -51,6 +53,7 @@ +
diff --git a/lib/base.php b/lib/base.php
index 1f7d0c0da65..3ef9ce4beb2 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -773,6 +773,7 @@ class OC {
 OC_App::loadApps();
 OC_User::setupBackends();
 if (isset($_GET["logout"]) and ($_GET["logout"])) {
+ OC_JSON::callCheck();
 if (isset($_COOKIE['oc_token'])) {
 OC_Preferences::deleteKey(OC_User::getUser(), 'login_token', $_COOKIE['oc_token']);
 }
@@ -939,6 +940,7 @@ class OC {
 return false;
 }
+ OC_JSON::callCheck();
 OC_App::loadApps();
 //setup extra user backends
diff --git a/lib/private/user.php b/lib/private/user.php
index 7106d664aca..21711cbf087 100644
--- a/lib/private/user.php
+++ b/lib/private/user.php
@@ -354,7 +354,7 @@ class OC_User {
 return $backend->getLogoutAttribute();
 }
- return 'href="' . link_to('', 'index.php') . '?logout=true"';
+ return 'href="' . link_to('', 'index.php') . '?logout=true&requesttoken=' . OC_Util::callRegister() . '"';
 }
 /**
From e1e1009ccc304f6e527c3cc392b510f6d8868533 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Sun, 11 May 2014 13:09:46 +0200
Subject: [PATCH 2/2] Redirect to index if the logout link is accessed without valid session
This is needed to prevent "Token expired" messages while login if a session is expired
@see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
---
 lib/base.php | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/lib/base.php b/lib/base.php
index 3ef9ce4beb2..1e1e5f6b113 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -768,6 +768,14 @@ class OC {
 return;
 }
+ // Redirect to index if the logout link is accessed without valid session
+ // this is needed to prevent "Token expired" messages while login if a session is expired
+ // @see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
+ if(isset($_GET['logout']) && !OC_User::isLoggedIn()) {
header("Location: " . OC::$WEBROOT.(empty(OC::$WEBROOT) ? '/' : ''));
return;
}
+
 // Someone is logged in :
 if (OC_User::isLoggedIn()) {
 OC_App::loadApps();
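Review bot: `OC_JSON::callCheck()` is a JSON-API helper, and the new call in the logout branch guards a plain browser navigation (`index.php?logout=true`), so a token mismatch presumably answers with a JSON error document rather than an HTML page or a redirect; confirm what `callCheck()` does on failure and, for this HTML path, prefer a check that falls back to redirecting to the login page. The same concern applies to the login hunk at `@@ -939` in this file. The placement itself is right: assuming `callCheck()` terminates the request on failure, it runs before the `login_token` preference is deleted, so a forged request changes nothing. The enclosing method starts outside the hunk.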
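Review bot: The new `OC_JSON::callCheck()` in the login path has no recovery for a token that belongs to an expired session: a login form left open past the session lifetime will now fail here, while the second patch (`@@ -768`) only handles that case for `?logout`. Re-rendering the login form with a fresh token and an error message when the token does not validate, instead of letting `callCheck()` terminate the request, would keep the CSRF protection without stranding the user. Whether the form itself carries the hidden `requesttoken` field cannot be confirmed from this page, since the `core/templates/login.php` hunks are not legible here. The enclosing method starts outside the hunk.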
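Review bot: The rewritten return puts the CSRF token into the query string of a GET link, so it is recorded in browser history and in proxy and web-server access logs, and can leak through the `Referer` header of requests made while the logout response renders; a small POST form with a hidden `requesttoken` field would keep the token out of URLs. The unchanged early return `return $backend->getLogoutAttribute();` just above also bypasses the token entirely: a backend that supplies its own `?logout=true` link will be rejected by the check added to `lib/base.php` at `@@ -773` unless that backend is updated as well. The enclosing method starts outside the hunk.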
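Review bot: The redirect relies on `return;` after `header("Location: ...")` and therefore on the caller emitting nothing further; if any code after the call site writes to the response, the 302 is sent together with a stray body. `header('Location: ' . $target, true, 302); exit;` (or a documented contract that the caller stops on this return) is the safer form; the enclosing method and its caller are outside the hunk. The new guard also tests `isset($_GET['logout'])` while the logout handler below tests `isset($_GET["logout"]) and ($_GET["logout"])`, so `?logout=0` is redirected here but would not log anyone out; using the same condition in both places removes the discrepancy. Minor style: `if(` is missing the space the surrounding `if (` lines use.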