From 174f3b0c9634a5a711e6c9d6ee8afcde36acfbfc Mon Sep 17 00:00:00 2001 From: zarzuelo Date: Tue, 19 Jun 2012 11:07:38 +0000 Subject: [PATCH] 2012-06-19 Sergio Martin * include/functions.php: Fixed check referer bug with https when is not forced. Bug #3525494 Merged from 4.0.2 git-svn-id: https://svn.code.sf.net/p/pandora/code/trunk@6592 c3f86ba8-e40f-0410-aaad-9ba5e7f4b01f --- pandora_console/ChangeLog | 6 ++++++ pandora_console/include/functions.php | 13 ++++++------- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/pandora_console/ChangeLog b/pandora_console/ChangeLog index 64f867d8a6..5f8a40854f 100644 --- a/pandora_console/ChangeLog +++ b/pandora_console/ChangeLog @@ -1,3 +1,9 @@ +2012-06-19 Sergio Martin + + * include/functions.php: Fixed check referer bug with + https when is not forced. Bug #3525494 + Merged from 4.0.2 + 2012-06-19 Sergio Martin * include/functions_incidents.php: Changed a parameter diff --git a/pandora_console/include/functions.php b/pandora_console/include/functions.php index 7a7de0a362..ad0b57ff33 100644 --- a/pandora_console/include/functions.php +++ b/pandora_console/include/functions.php @@ -37,18 +37,17 @@ function check_refererer() { // This is done due to problems with HTTP_REFERER var when metarefresh is performed if ($config["refr"] > 0) return true; - - $url = 'http://'; - if ($config['https']) { - $url = 'https://'; - } + //Check if the referer have a port (for example when apache run in other port to 80) if (preg_match('/http(s?):\/\/.*:[0-9]*/', $referer) == 1) { - $url .= $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $config["homeurl"]; + $url = $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $config["homeurl"]; } else { - $url .= $_SERVER['SERVER_NAME'] . $config["homeurl"]; + $url = $_SERVER['SERVER_NAME'] . $config["homeurl"]; } + + // Remove protocol from referer + $referer = preg_replace('/http(s?):\/\//','',$referer); if (strpos($referer, $url) === 0) { return true;