explanation

git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8557 89ea8834-ac86-4346-8a33-228a782c2dd0
author: Henry Sudhof <kellanved@phpbb.com> 2008-05-16 12:34:39 +0000
committer: Henry Sudhof <kellanved@phpbb.com> 2008-05-16 12:34:39 +0000
commit: 5ea735d3adad4c70aef347dbccb5c533c2ef15d7 (patch)
tree: b4e1a6f669605c0b2dae1c6f94adff46025183a7 /phpBB/includes/session.php
parent: c5ba29e1faf708dc890fcc2acddf36ca25c321ab (diff)
download: forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar
forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.gz
forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.bz2
forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.xz
forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.zip
1 files changed, 1 insertions, 0 deletions
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 66554f1ab5..e216b3e36a 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -268,6 +268,7 @@ class session
 				// referer checks
 				$check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
 				$referer_valid = true;
+				// we assume HEAD and TRACE to be foul play and thus only whitelist GET
 				if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
 				{
 					$referer_valid = $this->validate_referer($check_referer_path);
author	Henry Sudhof <kellanved@phpbb.com>	2008-05-16 12:34:39 +0000
committer	Henry Sudhof <kellanved@phpbb.com>	2008-05-16 12:34:39 +0000
commit	5ea735d3adad4c70aef347dbccb5c533c2ef15d7 (patch)
tree	b4e1a6f669605c0b2dae1c6f94adff46025183a7 /phpBB/includes/session.php
parent	c5ba29e1faf708dc890fcc2acddf36ca25c321ab (diff)
download	forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.gz forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.bz2 forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.tar.xz forums-5ea735d3adad4c70aef347dbccb5c533c2ef15d7.zip