mirror/php-phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-05-11 10:05:19 +02:00
Code Issues Releases Wiki Activity

explanation

Browse Source 
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8557 89ea8834-ac86-4346-8a33-228a782c2dd0
This commit is contained in:
Henry Sudhof 2008-05-16 12:34:39 +00:00
parent c5ba29e1fa
commit 5ea735d3ad
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
phpBB/includes/session.php
View File

@ -268,6 +268,7 @@ class session
// referer checks // referer checks
$check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH; $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
$referer_valid = true; $referer_valid = true;
// we assume HEAD and TRACE to be foul play and thus only whitelist GET
if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get') if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
{ {
$referer_valid = $this->validate_referer($check_referer_path); $referer_valid = $this->validate_referer($check_referer_path);