diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-17 10:31:20 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-17 10:31:20 +0000 |
| commit | b384952dee29d006a3827a97a45cd698e3ed9c89 (patch) | |
| tree | b7c38f6701f8d1b3314d0a45223a40ae8eb40292 /phpBB | |
| parent | 77058f31c288c85a697ec9de85b2dd40d9af4349 (diff) | |
| download | forums-b384952dee29d006a3827a97a45cd698e3ed9c89.tar forums-b384952dee29d006a3827a97a45cd698e3ed9c89.tar.gz forums-b384952dee29d006a3827a97a45cd698e3ed9c89.tar.bz2 forums-b384952dee29d006a3827a97a45cd698e3ed9c89.tar.xz forums-b384952dee29d006a3827a97a45cd698e3ed9c89.zip | |
Disable referer validation on install if it is not possible to determine correct referer due to a proxy setup (Bug #32765)
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@9024 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB')
| -rw-r--r-- | phpBB/install/install_install.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 991d1d02a6..72de32f303 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -1118,6 +1118,7 @@ class install_install extends module // HTTP_HOST is having the correct browser url in most cases... $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $referer = (!empty($_SERVER['HTTP_REFERRER'])) ? strtolower($_SERVER['HTTP_REFERRER']) : getenv('HTTP_REFERRER'); // HTTP HOST can carry a port number... if (strpos($server_name, ':') !== false) @@ -1376,6 +1377,15 @@ class install_install extends module WHERE config_name = 'captcha_gd'"; } + $ref = substr($referer, strpos($referer, '://') + 3); + + if (!(stripos($ref, $server_name) === 0)) + { + $sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '0' + WHERE config_name = 'referer_validation'"; + } + // We set a (semi-)unique cookie name to bypass login issues related to the cookie name. $cookie_name = 'phpbb3_'; $rand_str = md5(mt_rand()); |