A couple of security issues fixed.

[fa-stable.git] / includes / session.inc

diff --git a/includes/session.inc b/includes/session.inc
index 0089095be1fd341a3b9dc02f19e4b0cc3944ed0e..869ce9a805820d5ee5ccb4145b72e07ebf850f00 100644 (file)
--- a/includes/session.inc
+++ b/includes/session.inc
@@ -412,7 +412,7 @@ html_cleanup($_SERVER);
 
 // logout.php is the only page we should have always 
 // accessable regardless of access level and current login status.
-if (strstr($_SERVER['PHP_SELF'], 'logout.php') == false){
+if (!defined('FA_LOGOUT_PHP_FILE')){
 
        login_timeout();
 
@@ -481,4 +481,4 @@ $SysPrefs = &$_SESSION['SysPrefs'];
 // We quote all values later with db_escape() before db update.
 $_POST = strip_quotes($_POST);
 
-?>
\ No newline at end of file
+?>