Add CSRF protection to logout link - Auth token is used to avoid possibly leaking real csrf token

include/staff/header.inc.php

@@ -23,7 +23,6 @@
     if($ost && ($headers=$ost->getExtraHeaders())) {
         echo "\n\t".implode("\n\t", $headers)."\n";
     }
-    csrf_enable_ajax();
     ?>
 </head>
 <body onunload="">
@@ -37,7 +36,8 @@
             <?php }else{ ?>
             | <a href="index.php">Staff Panel</a>
             <?php } ?>
-            | <a href="profile.php">My Preferences</a> | <a href="logout.php">Log Out</a>
+            | <a href="profile.php">My Preferences</a> 
+            | <a href="logout.php?auth=<?php echo md5($ost->getCSRFToken().SECRET_SALT.session_id()); ?>">Log Out</a>
         </p>
     </div>
     <ul id="nav">

scp/logout.php

@@ -15,6 +15,10 @@
     vim: expandtab sw=4 ts=4 sts=4:
 **********************************************************************/
 require('staff.inc.php');
+//CSRF Check: Make sure the user actually clicked on the link to logout.
+if(!$_GET['auth'] || $_GET['auth']!=md5($ost->getCSRFToken().SECRET_SALT.session_id()))
+   @header('Location: index.php');
+
 $ost->logDebug('Staff logout',
         sprintf("%s logged out [%s]", 
             $thisstaff->getUserName(), $_SERVER['REMOTE_ADDR'])); //Debug.