some csrf fixes. needs testing
parent
74b5e22a68
commit
ee0cb68f5e
10
lib/base.php
10
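--- a/lib/base.php
+++ b/lib/base.php
@@ -325,6 +325,16 @@ class OC{
 self::checkInstalled();
 self::checkSSL();
 
+// CSRF protection
+if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
+if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://';
+$server=$protocol.$_SERVER['SERVER_NAME'];
+if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
+$url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php';
+header("Location: $url");
+exit();
+}
+
 self::initSession();
 self::initTemplateEngine();
 self::checkUpgrade();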
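Review bot: The Referer test on the added `if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server))` line is a prefix match against `$protocol.$_SERVER['SERVER_NAME']` with no delimiter after the host, so any Referer whose host merely begins with the server name is treated as same-origin. Comparing the parsed host exactly is tighter: `$refHost = parse_url($referer, PHP_URL_HOST);` followed by `if($_SERVER['REQUEST_METHOD']=='POST' and $refHost !== $_SERVER['SERVER_NAME']) {`. Depending on web-server configuration `SERVER_NAME` can reflect the client-supplied Host header, and it also feeds the `Location:` redirect here, so a configured canonical host would be a safer source if the project has one. Only POST is covered and Referer checking is a stopgap; a per-session request token verified on every state-changing request is the durable protection. The enclosing method starts and ends outside this hunk.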