Fix bug #3407728: Can't delete users from admin page
parent
e81599e437
commit
d97b4589ad
2 changed files with 4 additions and 2 deletions
|
@ -10,6 +10,7 @@ ChangeLog for SemantiScuttle
|
||||||
- Fix bug #3393951: Logo images missing on bookmark page
|
- Fix bug #3393951: Logo images missing on bookmark page
|
||||||
- Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions
|
- Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions
|
||||||
- Fix bug #3399815: PHP error in opensearch API in 0.98.3
|
- Fix bug #3399815: PHP error in opensearch API in 0.98.3
|
||||||
|
- Fix bug #3407728: Can't delete users from admin page
|
||||||
|
|
||||||
|
|
||||||
0.98.3 - 2011-08-09
|
0.98.3 - 2011-08-09
|
||||||
|
|
|
@ -47,8 +47,9 @@ if ( !$currentUser->isAdmin() ) {
|
||||||
|
|
||||||
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
|
||||||
|
|
||||||
if ( $action
|
if ($action
|
||||||
&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0) // Prevent CSRF attacks
|
&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6)
|
||||||
|
// Prevent CSRF attacks. 6 is needed for "//example.org"-root urls
|
||||||
) {
|
) {
|
||||||
switch ( $action ) {
|
switch ( $action ) {
|
||||||
case 'delete':
|
case 'delete':
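Review bot: The new comparison `strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6` is also true when strpos() returns false, because PHP evaluates `false <= 6` as a boolean comparison, so a request with no Referer or with a Referer that does not contain ROOT.'admin' at all now passes the CSRF guard. Keep the offset allowance but reject a miss first, for example `&& isset($_SERVER['HTTP_REFERER'])` followed by `&& ($refPos = strpos($_SERVER['HTTP_REFERER'], ROOT.'admin')) !== false && $refPos <= 6`. The explanatory comment about the value 6 would be easier to follow on the line above the comparison than trailing after it. A Referer check is a weak guard on its own since the header can be stripped by proxies or privacy settings, so a per-session token on the delete action would be sturdier if the project can add one; the switch body continues outside the hunk.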
|
||||||
|
|