From e81b816c27c7958d09c2a14d2c0368c488b071e6 Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sun, 10 Jul 2005 20:49:18 +0000
Subject: [PATCH] Only do the referer check if we have the HTTP_REFERER; Norton
 Internet Security removes it, making the applications unusable.

---
 kernel.php | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/kernel.php b/kernel.php
index cacdcaf..3b6ddac 100644
--- a/kernel.php
+++ b/kernel.php
@@ -555,14 +555,22 @@ if (defined('ISSO_CHECK_POST_REFERER'))
 	if ($_SERVER['REQUEST_METHOD'] == 'POST')
 	{
 		$host = ($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_ENV['HTTP_HOST'];
-		$parts = parse_url($_SERVER['HTTP_REFERER']);
-		$ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
 		
-		if ($ourhost != $host)
+		if ($host AND $_SERVER['HTTP_REFERER'])
 		{
-			trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR);
+			$parts = parse_url($_SERVER['HTTP_REFERER']);
+			$ourhost = $parts['host'] . (($parts['port']) ? ":$parts[port]" : '');
+			
+			if ($ourhost != $host)
+			{
+				trigger_error('No external hosts are allowed to POST to this application', E_USER_ERROR);
+			}
+			$_isso->debug('remote post check = ok');
+		}
+		else
+		{
+			$_isso->debug('remote post check = FAILED');
 		}
-		$_isso->debug('remote post check = ok');
 	}
 }
 
-- 
2.22.5