Bug fix: correct CSRF protection
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@178 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
parent
ed4760018f
commit
96dfa82af5
1 changed files with 2 additions and 3 deletions
|
@ -46,9 +46,8 @@ if ( !$currentUser->isAdmin() ) {
|
|||
|
||||
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
||||
|
||||
|
||||
if ( $action
|
||||
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0 // Prevent CSRF attacks
|
||||
&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0 // Prevent CSRF attacks
|
||||
) {
|
||||
switch ( $action ) {
|
||||
case 'delete':
|
||||
|
|
Loading…
Reference in a new issue