
Fix test for signout.php in the logged in check in init.php so it
cannot be circumvented by manipulating the URL. External plugins might
rely on init.php guaranteeing that the user is logged in.
Thanks Stefan Esser for finding this.

Thijs Kinkhorst, 18 years ago
Commit 2d79bd2f50
3 files changed, 10 insertions and 4 deletions
  1. ChangeLog (+5 −2)
  2. include/init.php (+2 −2)
  3. src/signout.php (+3 −0)

+ 5 - 2
ChangeLog

@@ -201,9 +201,12 @@ Version 1.5.2 - SVN
     images. Thanks to Mikhail Markin, Tomas Kuliavas and Michael Jordon
     for reporting these issues. [CVE-2007-1262]
   - Fix busy loop and notice when two literals in IMAP fetch (#1739433).
-  - Resolved issue with compose session not being updated after send/safe.
+  - Resolved issue with compose session not being updated after send/save.
   - Added ability to detect HTTP_X_FORWARDED_PROTO in get_location(),
-    thanks to Daniel Watts
+    thanks to Daniel Watts.
+  - Fix test for signout.php in the logged in check in init.php so it
+    cannot be circumvented by manipulating the URL. External plugins migh
+    rely on init.php guarranteeing that the user is logged in.
 
 Version 1.5.1 (branched on 2006-02-12)
 --------------------------------------
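Review bot: the new ChangeLog entry on lines 33-34 of this hunk carries two typos that will be published as-is in the release notes: "migh" should read "might" and "guarranteeing" should read "guaranteeing". Since the surrounding entries were just tidied (the "send/safe" and trailing-period fixes in the same hunk), correct these before commit.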

+ 2 - 2
include/init.php

@@ -417,8 +417,8 @@ switch ($sInitLocation) {
             // signout page will deal with users who aren't logged
             // in on its own; don't show error here
             //
-            if (strpos($PHP_SELF, 'signout.php') !== FALSE) {
-            return;
+            if ( defined('PAGE_SIGNOUT') ) {
+                return;
             }
 
             /**
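Review bot: the replacement check `if ( defined('PAGE_SIGNOUT') )` is only as strong as the guarantee that nothing other than src/signout.php defines that constant before init.php runs, and the comment on the three lines above it ("signout page will deal with users who aren't logged in on its own") still documents the intent but not this contract. Extend that comment to say that PAGE_SIGNOUT must be defined solely by signout.php, so a future page or plugin that defines it does not silently reopen the login-check bypass this commit closes. Positive side effect worth keeping: the `return;` is now indented inside the `if` block, which the removed lines had wrong.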

+ 3 - 0
src/signout.php

@@ -11,6 +11,9 @@
  * @package squirrelmail
  */
 
+/** This is the signout page */
+define('PAGE_SIGNOUT', 1);
+
 /**
  * Include the SquirrelMail initialization file.
  */
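Review bot: the one-line docblock `/** This is the signout page */` above the `define('PAGE_SIGNOUT', 1);` describes the file rather than the constant's purpose; state that include/init.php tests this constant to skip its logged-in check, and that the define must stay above the initialization include that follows, so neither the constant nor its ordering is later treated as dead or movable code.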