diff --git a/app/controllers/login.php b/app/controllers/login.php
index ea8935c9995b5c3bd1b895d305e13952e5e553fa..ad2cf84d7b544a3eddeeff6418b9385c0e1752cd 100644
--- a/app/controllers/login.php
+++ b/app/controllers/login.php
@@ -49,7 +49,7 @@ class LoginController extends AuthenticatedController
 foreach (array_keys($GLOBALS['INSTALLED_LANGUAGES']) as $language_key) {
- if (Request::submitted('set_language_' . $language_key)) {
+ if (Request::get('set_language') === $language_key) {
 $_SESSION['forced_language'] = $language_key;
 $_SESSION['_language'] = $language_key;
 init_i18n($_SESSION['_language']);
@@ -60,7 +60,8 @@ class LoginController extends AuthenticatedController
 }
 }
- if (Request::isPost()) {
+
+ if (Request::submitted('Login')) {
 CSRFProtection::verifyUnsafeRequest();
 $check_auth = StudipAuthAbstract::CheckAuthentication(
diff --git a/app/controllers/logout.php b/app/controllers/logout.php
index 22a93f09bb11cadd53168a7e6e2b6bc76f9bb317..3c641de12cf65ea9513c2cb14a9a4027ca5de7a7 100644
--- a/app/controllers/logout.php
+++ b/app/controllers/logout.php
@@ -18,15 +18,25 @@ class LogoutController extends AuthenticatedController
 public function index_action()
 {
+ if (
+ !Request::isPost()
+ && !(
+ isset($_SESSION['logout_ticket'])
+ && check_ticket($_SESSION['logout_ticket'])
+ )
+ ) {
+ $this->redirect(URLHelper::getURL('dispatch.php/start'));
+ return;
+ }
+
 if ($GLOBALS['user']->id !== 'nobody') {
 $my_messaging_settings = $GLOBALS['user']->cfg->MESSAGING_SETTINGS;
 //Wenn Option dafuer gewaehlt, alle ungelsesenen Nachrichten als gelesen speichern
- if ($my_messaging_settings["logout_markreaded"]) {
+ if (!empty($my_messaging_settings['logout_markreaded'])) {
 Message::markAllAs();
 }
- $logout_user = $GLOBALS['user']->id;
 $_language = $_SESSION['_language'];
 $contrast = UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST;
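Review bot: In the second hunk of app/controllers/login.php the authentication branch is now gated by `Request::submitted('Login')` alone, so the HTTP method is no longer checked at this line. If `Request::submitted()` also matches query-string parameters (not visible here, please confirm), a GET carrying `Login` reaches this branch, and keeping credentials out of URLs and access logs then depends entirely on how `CSRFProtection::verifyUnsafeRequest()` treats non-POST requests. Keeping the method check explicit removes that dependency: `if (Request::isPost() && Request::submitted('Login')) {`. The `if` block continues past the end of the hunk.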
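Review bot: The ticket branch of the new guard in `index_action()` (app/controllers/logout.php) validates `$_SESSION['logout_ticket']`, a value the server stored itself, so it does not show that the incoming GET carries the ticket; while a ticket is pending in the session, any GET to this action passes the check. If the ticket is meant as a one-time allowance for a server-initiated redirect, say so in a comment above the guard and clear it once used, e.g. `unset($_SESSION['logout_ticket']);`; otherwise compare against a ticket taken from the request. The POST path also has no CSRF token check visible in this hunk, whereas login.php calls `CSRFProtection::verifyUnsafeRequest()`; confirm that the base controller covers it, or call it when `Request::isPost()` is true. The function body continues past the end of the hunk.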