From 75dbc2fe110f24651e2dbe9612bfe70fcad01fb6 Mon Sep 17 00:00:00 2001 From: Aleksander Machniak Date: Sun, 25 Jan 2026 12:26:43 +0100 Subject: [PATCH] OAuth: Fix bug where it was impossible to login again after logout (#10073) --- CHANGELOG.md | 1 + program/include/rcmail_oauth.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 2c723c9b7..e1c07871a 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,7 @@ This file includes only changes we consider noteworthy for users, admins and plu - Support `request_url` config option for resolving relative URLs (#9868) - Support X-Forwarded-Host/X-Forwarded-Port in self URLs generation (#9952) - Support $HasAttachment/$HasNoAttachment keywords for "With attachment" search filter (#10053) +- OAuth: Fix bug where it was impossible to login again after logout (#10073) - Managesieve: Fix handling of string-list format values for date tests in Out of Office (#10075) - Password: Extend Dovecot passwdfile driver with dynamic file path support (#10036) - Fix a UI issue on using browser Back button after allowing remote resources (#10062) diff --git a/program/include/rcmail_oauth.php b/program/include/rcmail_oauth.php index b51358529..ff896c817 100644 --- a/program/include/rcmail_oauth.php +++ b/program/include/rcmail_oauth.php @@ -1347,7 +1347,7 @@ class rcmail_oauth // We store just the query string (not full URL) so it can be used directly with $_POST['_url'] if (!empty($_SERVER['QUERY_STRING']) && !$this->rcmail->output->ajax_call) { // Only store if it's not a login or oauth action (prevents redirect loops) - if (!preg_match('/(_task=login|_action=oauth)/', $_SERVER['QUERY_STRING'])) { + if (!preg_match('/(_task=login|_task=logout|_action=oauth)/', $_SERVER['QUERY_STRING'])) { $_SESSION['oauth_redirect_uri'] = $_SERVER['QUERY_STRING']; $this->log_debug('storing original query string for post-auth redirect: %s', $_SERVER['QUERY_STRING']); }