Navigation

← Previous Changeset
Next Changeset →

Changeset 945

Timestamp:

04/11/07 11:35:44 (1 year ago)

Author:

Rickard

Message:

Beefed up the referrer check in admin/options.

Files:

trunk/upload/admin_options.php (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

trunk/upload/admin_options.php

r601	r945
38	38	if (isset($_POST['form_sent']))
39	39	{
40		// ~~Lazy referer check (in case base_url isn't correct~~)
41		if (!~~isset($_SERVER['HTTP_REFERER']) \|\| !preg_match('#/admin_options\.php#i', $_SERVER['HTTP_REFERER']~~))
42		message(~~$lang_common['Bad referrer']~~);
	40	// Custom referrer check (so we can output a custom error message)
	41	if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/admin_options.php', '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
	42	message('Bad HTTP_REFERER. If you have moved these forums from one location to another or switched domains, you need to update the Base URL manually in the database (look for o_base_url in the config table) and then clear the cache by deleting all .php files in the /cache directory.');
43	43
44	44	$form = array_map('trim', $_POST['form']);

Download in other formats: