From 2a1e77eb3306223121d7498359c6fb79fef88ac7 Mon Sep 17 00:00:00 2001
From: Leo Feyer <github@contao.org>
Date: Mon, 23 Sep 2013 11:52:08 +0200
Subject: [PATCH] Do not redirect to protected pages after logout (see #6210)

---
 system/docs/CHANGELOG.md                     |  3 +++
 system/modules/core/modules/ModuleLogin.php  | 14 +++++++-------
 system/modules/core/modules/ModuleLogout.php | 15 ++++++++++++---
 3 files changed, 22 insertions(+), 10 deletions(-)

diff --git a/system/docs/CHANGELOG.md b/system/docs/CHANGELOG.md
index e343b4707f..a393cb169a 100644
--- a/system/docs/CHANGELOG.md
+++ b/system/docs/CHANGELOG.md
@@ -4,6 +4,9 @@ Contao Open Source CMS Changelog
 Version 3.1.3 (2013-XX-XX)
 --------------------------
 
+### Fixed
+Do not redirect to protected pages after logout (see #6210).
+
 ### Fixed
 Consider the additional arguments in `Frontend::jumpToOrReload()` (see #5734).
 
diff --git a/system/modules/core/modules/ModuleLogin.php b/system/modules/core/modules/ModuleLogin.php
index 8c47bfa889..771ee0685e 100644
--- a/system/modules/core/modules/ModuleLogin.php
+++ b/system/modules/core/modules/ModuleLogin.php
@@ -127,18 +127,18 @@ public function generate()
 			global $objPage;
 
 			$this->import('FrontendUser', 'User');
-			$strRedirect = \Environment::get('request');
+			$strRedirect = \Environment::get(($objPage->protected ? 'base' : 'request'));
 
 			// Redirect to last page visited
 			if ($this->redirectBack && strlen($_SESSION['LAST_PAGE_VISITED']))
 			{
-				$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
-			}
+				$objLastPage = \PageModel::findByIdOrAlias($this->getPageIdFromUrl($_SESSION['LAST_PAGE_VISITED']));
 
-			// Redirect home if the page is protected
-			elseif ($objPage->protected)
-			{
-				$strRedirect = \Environment::get('base');
+				// Check whether the page is protected (see #6210)
+				if ($objLastPage !== null && !$objLastPage->protected)
+				{
+					$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+				}
 			}
 
 			// Logout and redirect
diff --git a/system/modules/core/modules/ModuleLogout.php b/system/modules/core/modules/ModuleLogout.php
index 49bf26e7e6..fe4ab00747 100644
--- a/system/modules/core/modules/ModuleLogout.php
+++ b/system/modules/core/modules/ModuleLogout.php
@@ -61,16 +61,25 @@ public function generate()
 		}
 
 		$this->import('FrontendUser', 'User');
+
+		$blnUseJumpTo = ($this->jumpTo > 0);
 		$strRedirect = \Environment::get('base');
 
 		// Redirect to last page visited
 		if ($this->redirectBack && !empty($_SESSION['LAST_PAGE_VISITED']))
 		{
-			$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+			$objLastPage = \PageModel::findByIdOrAlias($this->getPageIdFromUrl($_SESSION['LAST_PAGE_VISITED']));
+
+			// Check whether the page is protected (see #6210)
+			if ($objLastPage !== null && !$objLastPage->protected)
+			{
+				$blnUseJumpTo = false;
+				$strRedirect = $_SESSION['LAST_PAGE_VISITED'];
+			}
 		}
 
-		// Redirect to jumpTo page
-		elseif ($this->jumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null)
+		// Redirect to the jumpTo page
+		if ($blnUseJumpTo && ($objTarget = $this->objModel->getRelated('jumpTo')) !== null)
 		{
 			$strRedirect = $this->generateFrontendUrl($objTarget->row());
 		}