diff options
| author | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-17 10:33:06 +0000 |
|---|---|---|
| committer | Meik Sievertsen <acydburn@phpbb.com> | 2008-10-17 10:33:06 +0000 |
| commit | d0e630157c0ae40bb5a9aefd012f9e010a3cf681 (patch) | |
| tree | cd7fecbd4a58b2bb4a84f505159f2ef1cfd1f778 /phpBB/install | |
| parent | 69cfb5b821cdb2676d4d5a10943dc1550d1ad168 (diff) | |
| download | forums-d0e630157c0ae40bb5a9aefd012f9e010a3cf681.tar forums-d0e630157c0ae40bb5a9aefd012f9e010a3cf681.tar.gz forums-d0e630157c0ae40bb5a9aefd012f9e010a3cf681.tar.bz2 forums-d0e630157c0ae40bb5a9aefd012f9e010a3cf681.tar.xz forums-d0e630157c0ae40bb5a9aefd012f9e010a3cf681.zip | |
Disable referer validation on install if it is not possible to determine correct referer due to a proxy setup (Bug #32765)
git-svn-id: file:///svn/phpbb/trunk@9025 89ea8834-ac86-4346-8a33-228a782c2dd0
Diffstat (limited to 'phpBB/install')
| -rw-r--r-- | phpBB/install/install_install.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/phpBB/install/install_install.php b/phpBB/install/install_install.php index 3b0fdc5011..61491d7b2b 100644 --- a/phpBB/install/install_install.php +++ b/phpBB/install/install_install.php @@ -1140,6 +1140,7 @@ class install_install extends module // HTTP_HOST is having the correct browser url in most cases... $server_name = (!empty($_SERVER['HTTP_HOST'])) ? strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME')); + $referer = (!empty($_SERVER['HTTP_REFERRER'])) ? strtolower($_SERVER['HTTP_REFERRER']) : getenv('HTTP_REFERRER'); // HTTP HOST can carry a port number... if (strpos($server_name, ':') !== false) @@ -1391,6 +1392,15 @@ class install_install extends module WHERE config_name = 'captcha_plugin'"; } + $ref = substr($referer, strpos($referer, '://') + 3); + + if (!(stripos($ref, $server_name) === 0)) + { + $sql_ary[] = 'UPDATE ' . $data['table_prefix'] . "config + SET config_value = '0' + WHERE config_name = 'referer_validation'"; + } + // We set a (semi-)unique cookie name to bypass login issues related to the cookie name. $cookie_name = 'phpbb3_'; $rand_str = md5(mt_rand()); |