From 5ea735d3adad4c70aef347dbccb5c533c2ef15d7 Mon Sep 17 00:00:00 2001
From: Henry Sudhof
Date: Fri, 16 May 2008 12:34:39 +0000
Subject: explanation
git-svn-id: file:///svn/phpbb/branches/phpBB-3_0_0@8557 89ea8834-ac86-4346-8a33-228a782c2dd0
---
 phpBB/includes/session.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'phpBB/includes')
diff --git a/phpBB/includes/session.php b/phpBB/includes/session.php
index 66554f1ab5..e216b3e36a 100644
--- a/phpBB/includes/session.php
+++ b/phpBB/includes/session.php
@@ -268,6 +268,7 @@ class session
 // referer checks
 $check_referer_path = $config['referer_validation'] == REFERER_VALIDATE_PATH;
 $referer_valid = true;
+ // we assume HEAD and TRACE to be foul play and thus only whitelist GET
 if ($config['referer_validation'] && isset($_SERVER['REQUEST_METHOD']) && strtolower($_SERVER['REQUEST_METHOD']) !== 'get')
 {
 $referer_valid = $this->validate_referer($check_referer_path);
-- cgit v1.2.1
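Review bot: The added comment describes the exemption inaccurately: the condition on the following line runs validate_referer() for every request method other than GET, not specifically for HEAD and TRACE, so a reader could wrongly conclude that POST falls outside the check. Stating what the code actually does is clearer, e.g. `// only GET is exempt from referer validation; every other method (POST, HEAD, TRACE, ...) must pass validate_referer()`. The same comment should also make visible that the `isset($_SERVER['REQUEST_METHOD'])` guard means a request with no method set skips referer validation entirely, which is pre-existing behaviour the new wording currently hides. The enclosing method starts and ends outside the hunk.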