From c3be8ed64c601e0b15645664d58cec7ace17b5cb Mon Sep 17 00:00:00 2001
From: thomascube <thomas@roundcube.net>
Date: Thu, 06 Jan 2011 07:41:16 -0500
Subject: [PATCH] Make sure an existing session is killed/replaced when submitting login form

---
 CHANGELOG                          |    1 +
 index.php                          |    2 +-
 program/include/rcmail.php         |    2 +-
 program/include/rcube_template.php |    4 +++-
 4 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index e9af278..7061bf0 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
 CHANGELOG Roundcube Webmail
 ===========================
 
+- Fix double-login/session issue (#1487104)
 - Wrap HTML parts with <html><body> and add Doctype declaration (#1487098)
 - Make rcube_autoload silently skip unknown classes (#1487109)
 - Fix charset detection in vcards with encoded values (#1485542)
diff --git a/index.php b/index.php
index 47b08ef..8c9370e 100644
--- a/index.php
+++ b/index.php
@@ -104,7 +104,7 @@
     rcmail_log_login();
 
     // restore original request parameters
-    $query = array();
+    $query = array('_task' => 'mail');
     if ($url = get_input_value('_url', RCUBE_INPUT_POST))
       parse_str($url, $query);
 
diff --git a/program/include/rcmail.php b/program/include/rcmail.php
index afdb77c..e4078a7 100644
--- a/program/include/rcmail.php
+++ b/program/include/rcmail.php
@@ -208,7 +208,7 @@
     $task = asciiwords($task);
 
     if ($this->user && $this->user->ID)
-      $task = !$task || $task == 'login' ? 'mail' : $task;
+      $task = !$task ? 'mail' : $task;
     else
       $task = 'login';
 
diff --git a/program/include/rcube_template.php b/program/include/rcube_template.php
index d6ea3dc..e914d2e 100755
--- a/program/include/rcube_template.php
+++ b/program/include/rcube_template.php
@@ -1059,6 +1059,7 @@
         $host_attrib = $autocomplete > 0 ? array() : array('autocomplete' => 'off');
         $pass_attrib = $autocomplete > 1 ? array() : array('autocomplete' => 'off');
 
+        $input_task   = new html_hiddenfield(array('name' => '_task', 'value' => 'login'));
         $input_action = new html_hiddenfield(array('name' => '_action', 'value' => 'login'));
         $input_tzone  = new html_hiddenfield(array('name' => '_timezone', 'id' => 'rcmlogintz', 'value' => '_default_'));
         $input_url    = new html_hiddenfield(array('name' => '_url', 'id' => 'rcmloginurl', 'value' => $url));
@@ -1109,7 +1110,8 @@
             $table->add(null, $input_host->show(get_input_value('_host', RCUBE_INPUT_GPC)));
         }
 
-        $out = $input_action->show();
+        $out  = $input_task->show();
+        $out .= $input_action->show();
         $out .= $input_tzone->show();
         $out .= $input_url->show();
         $out .= $table->show();

--
Gitblit v1.9.1