From 6a25531dc896167cc6e598fa780ee6840559aeea Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Mon, 13 Dec 2021 22:40:56 +0100
Subject: [PATCH] check security token on logout. fixes #3561

---
 inc/Action/Logout.php | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/inc/Action/Logout.php b/inc/Action/Logout.php
index 28e8fee584..1fc4f36e2e 100644
--- a/inc/Action/Logout.php
+++ b/inc/Action/Logout.php
@@ -33,6 +33,8 @@ public function preProcess() {
         global $ID;
         global $INPUT;
 
+        if (!checkSecurityToken()) throw new ActionException();
+
         // when logging out during an edit session, unlock the page
         $lockedby = checklock($ID);
         if($lockedby == $INPUT->server->str('REMOTE_USER')) {