From e81b816c27c7958d09c2a14d2c0368c488b071e6 Mon Sep 17 00:00:00 2001
From: Robert Sesek
Date: Sun, 10 Jul 2005 20:49:18 +0000
Subject: [PATCH] Only do the referer check if we have the HTTP_REFERER; Norton Internet Security removes it, making the applications unusable.
---
 kernel.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/kernel.php b/kernel.php
index cacdcaf..3b6ddac 100644
--- a/kernel.php
+++ b/kernel.php
@@ -555,14 +555,22 @@ if (defined('ISSO_CHECK_POST_REFERER'))
 if ($_SERVER['REQUEST_METHOD'] == 'POST')
 {
 $host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_ENV['HTTP_HOST'];
- $parts = parse_url($_SERVER['HTTP_REFERER']);
- $ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
- if ($ourhost != $host)
+ if ($host AND $_SERVER['HTTP_REFERER'])
 {
- trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR);
+ $parts = parse_url($_SERVER['HTTP_REFERER']);
+ $ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
+
+ if ($ourhost != $host)
+ {
+ trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR);
+ }
+ $_isso->debug('remote post check = ok');
+ }
+ else
+ {
+ $_isso->debug('remote post check = FAILED');
 }
- $_isso->debug('remote post check = ok');
 }
 }
-- 
2.43.5
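Review bot: The new `else` branch makes the referer check fail open: when `HTTP_REFERER` or the host is empty, the POST is processed and the only trace is a debug line reading `remote post check = FAILED`. Because the Referer header is optional, this check can no longer serve as the sole guard on state-changing POSTs; a per-session form token verified on every POST would cover the no-Referer case, unless kernel.php already has one outside this hunk. The debug text should describe what happened, for example `$_isso->debug('remote post check = skipped (no referer)');`, so a skipped check is not mistaken for a rejected request when reading logs. The condition also reads `$_SERVER['HTTP_REFERER']` without an existence test and `parse_url()` may return no `host` or `port` key, so `if ($host AND !empty($_SERVER['HTTP_REFERER']))` and `!empty($parts['port'])` would avoid undefined-index notices. The enclosing `if (defined('ISSO_CHECK_POST_REFERER'))` block begins outside the hunk.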