aliens/SemanticScuttle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Bug fix: correct CSRF protection

Browse source 
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@178 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
mensonge 2008-11-27 10:31:03 +00:00
parent ed4760018f
commit 96dfa82af5
1 changed files with 2 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
admin.php
View file

@ -44,11 +44,10 @@ if ( !$currentUser->isAdmin() ) {
exit();
}
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
if ( $action
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0 // Prevent CSRF attacks
) {
switch ( $action ) {
case 'delete':