From 154417d80b9f1ffb9d5d9fcbe2e6ab1dd15159bd Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 15 Sep 2020 16:59:11 +0300
Subject: public/logout: require valid CSRF token

---
 backend.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'backend.php')

diff --git a/backend.php b/backend.php
index 1bbeec2bd..8cdeafdb7 100644
--- a/backend.php
+++ b/backend.php
@@ -12,8 +12,7 @@
 
 	/* Public calls compatibility shim */
 
-	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
-		"fbexport", "logout", "pubsub");
+	$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share");
 
 	if (array_search($op, $public_calls) !== false) {
 		header("Location: public.php?" . $_SERVER['QUERY_STRING']);
-- 
cgit v1.2.3