From 6ab37ef8b79023751a73227c86e02c00b2190433 Mon Sep 17 00:00:00 2001 From: Karson Date: Tue, 2 Jun 2026 15:59:15 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E9=80=80=E5=87=BA=E9=80=BB?= =?UTF-8?q?=E8=BE=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- application/admin/controller/Index.php | 7 +++++++ application/admin/view/index/logout.html | 11 ++++++----- application/index/controller/User.php | 11 ++++++----- application/index/view/user/logout.html | 2 +- 4 files changed, 20 insertions(+), 11 deletions(-) diff --git a/application/admin/controller/Index.php b/application/admin/controller/Index.php index 8188197b..2d7e13ec 100644 --- a/application/admin/controller/Index.php +++ b/application/admin/controller/Index.php @@ -127,7 +127,14 @@ class Index extends Backend */ public function logout() { + if ($this->request->isPost()) { + // 加强校验referer是否来自服务器 + $referer = $this->request->server('HTTP_REFERER'); + if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) { + $this->error(__('Invalid request')); + } + $this->token(); $this->auth->logout(); Hook::listen("admin_logout_after", $this->request); diff --git a/application/admin/view/index/logout.html b/application/admin/view/index/logout.html index febbe4de..f42c25fe 100644 --- a/application/admin/view/index/logout.html +++ b/application/admin/view/index/logout.html @@ -2,6 +2,7 @@ {include file="common/meta" /} + @@ -38,7 +39,7 @@ {:token()}
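Review bot: The added referer check in Index::logout() compares two client-supplied headers — `parse_url($referer, PHP_URL_HOST)` against `$this->request->host()`, which in ThinkPHP 5 is read from the Host header (and, depending on framework version, possibly an X-Real-Host header) — so it only rejects requests whose headers disagree with each other; the `$this->token()` call that follows is the actual CSRF control, and the new comment should say so, e.g. `// Defense-in-depth only: both headers are client-supplied; CSRF protection relies on $this->token() below`. The comparison also fails for legitimate same-origin posts when host() carries a port (parse_url strips it) and, on PHP 8.1+, passes null to strtolower() when the referer has no host part; normalising both sides and using strict comparison avoids both: `$refererHost = strtolower((string) parse_url($referer, PHP_URL_HOST));`, `$requestHost = strtolower(preg_replace('/:\d+$/', '', (string) $this->request->host()));`, `if ($refererHost === '' || $refererHost !== $requestHost) {`. The identical block is duplicated in application/index/controller/User.php (the third hunk); a shared helper on the base controller would keep the two checks from drifting. The enclosing logout() method continues outside the hunk.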
- +
diff --git a/application/index/controller/User.php b/application/index/controller/User.php index be2b02b0..73df23d6 100644 --- a/application/index/controller/User.php +++ b/application/index/controller/User.php @@ -195,13 +195,14 @@ class User extends Frontend */ public function logout() { - // 加强校验referer是否来自服务器 - $referer = $this->request->server('HTTP_REFERER'); - if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) { - $this->error(__('Invalid request')); - } if ($this->request->isPost()) { + // 加强校验referer是否来自服务器 + $referer = $this->request->server('HTTP_REFERER'); + if (!$referer || strtolower(parse_url($referer, PHP_URL_HOST)) != strtolower($this->request->host())) { + $this->error(__('Invalid request')); + } + $this->token(); //退出本站 $this->auth->logout(); diff --git a/application/index/view/user/logout.html b/application/index/view/user/logout.html index d4299a5f..0f16f42e 100644 --- a/application/index/view/user/logout.html +++ b/application/index/view/user/logout.html @@ -9,7 +9,7 @@ {:token()}
- +