Resolve #5092 "Verloren gegangene Änderungen ais Login/Logout"

Closes #5092 Merge request studip/studip!3807
author: André Noack <noack@data-quest.de> 2025-01-06 08:31:46 +0000
committer: André Noack <noack@data-quest.de> 2025-01-06 08:31:46 +0000
commit: fd3abc4f8c466e3ec396999289ba6f4b7b1bb833 (patch)
tree: 67f3d50dfa39ecc65712e808ed0ac716d831eada
parent: 8d0530e7de15ba67986d4d71fdf86db5a5e26bff (diff)
2 files changed, 15 insertions, 4 deletions
diff --git a/app/controllers/login.php b/app/controllers/login.php
index ea8935c..ad2cf84 100644
--- a/app/controllers/login.php
+++ b/app/controllers/login.php
@@ -49,7 +49,7 @@ class LoginController extends AuthenticatedController
 
 
             foreach (array_keys($GLOBALS['INSTALLED_LANGUAGES']) as $language_key) {
-                if (Request::submitted('set_language_' . $language_key)) {
+                if (Request::get('set_language') === $language_key) {
                     $_SESSION['forced_language'] = $language_key;
                     $_SESSION['_language'] = $language_key;
                     init_i18n($_SESSION['_language']);
@@ -60,7 +60,8 @@ class LoginController extends AuthenticatedController
             }
 
         }
-        if (Request::isPost()) {
+
+        if (Request::submitted('Login')) {
             CSRFProtection::verifyUnsafeRequest();
 
             $check_auth = StudipAuthAbstract::CheckAuthentication(
diff --git a/app/controllers/logout.php b/app/controllers/logout.php
index 22a93f0..3c641de 100644
--- a/app/controllers/logout.php
+++ b/app/controllers/logout.php
@@ -18,15 +18,25 @@ class LogoutController extends AuthenticatedController
 
     public function index_action()
     {
+        if (
+            !Request::isPost()
+            && !(
+                isset($_SESSION['logout_ticket'])
+                && check_ticket($_SESSION['logout_ticket'])
+            )
+        ) {
+            $this->redirect(URLHelper::getURL('dispatch.php/start'));
+            return;
+        }
+
         if ($GLOBALS['user']->id !== 'nobody') {
             $my_messaging_settings = $GLOBALS['user']->cfg->MESSAGING_SETTINGS;
 
             //Wenn Option dafuer gewaehlt, alle ungelsesenen Nachrichten als gelesen speichern
-            if ($my_messaging_settings["logout_markreaded"]) {
+            if (!empty($my_messaging_settings['logout_markreaded'])) {
                 Message::markAllAs();
             }
 
-            $logout_user = $GLOBALS['user']->id;
             $_language = $_SESSION['_language'];
             $contrast = UserConfig::get($GLOBALS['user']->id)->USER_HIGH_CONTRAST;
author	André Noack <noack@data-quest.de>	2025-01-06 08:31:46 +0000
committer	André Noack <noack@data-quest.de>	2025-01-06 08:31:46 +0000
commit	fd3abc4f8c466e3ec396999289ba6f4b7b1bb833 (patch)
tree	67f3d50dfa39ecc65712e808ed0ac716d831eada
parent	8d0530e7de15ba67986d4d71fdf86db5a5e26bff (diff)