Temporarily remove scheme check in referer

If needed, we may re-introduce the check for scheme with proper support
for proxy
https://github.com/FreshRSS/FreshRSS/issues/565#issuecomment-61602425
Alexandre Alapetite
2014-11-04 08:47:23 +01:00
parent 2046766a88
commit ba7d63e5ca


@@ -242,11 +242,14 @@ function is_referer_from_same_domain() {
$host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') .
(empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']));
$referer = parse_url($_SERVER['HTTP_REFERER']);
if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] ||
empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
return false;
}
return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0);
//TODO: check 'scheme', taking into account the case of a proxy
if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) {
return false;
}
return true;
}
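Review bot: With the scheme comparison gone and a missing port treated as 0 on both sides, a referer of `http://host/` now passes for a site served at `https://host/`, so the check no longer separates the plaintext origin from the TLS one. If this function gates state-changing requests (it reads like a same-origin guard, but its callers are outside the hunk), the TODO should record that, e.g. `//TODO: check 'scheme' (proxy-aware); until then an http:// referer is accepted for an https:// host`. Separately, the unchanged line above reads `$_SERVER['HTTP_REFERER']` without an `isset()` test, so a request without the header only reaches `return false` through the `empty($referer['host'])` branch, and `$referer = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');` would make that explicit. The function's opening line is outside the hunk.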