check security token on logout. fixes #3561

inc/Action/Logout.php

@@ -33,6 +33,8 @@ public function preProcess() {
         global $ID;
         global $INPUT;
 
+        if (!checkSecurityToken()) throw new ActionException();
+
         // when logging out during an edit session, unlock the page
         $lockedby = checklock($ID);
         if($lockedby == $INPUT->server->str('REMOTE_USER')) {