Remove referer check, this is unreliable. The header doesnt need te exist, or can...
authorBart Visscher <bartv@thisnet.nl>
Tue, 3 Jul 2012 15:53:09 +0000 (17:53 +0200)
committerBart Visscher <bartv@thisnet.nl>
Wed, 4 Jul 2012 15:51:07 +0000 (17:51 +0200)
lib/base.php

index c2b0bbef78020a0cbcbd9ec36ee63c6aa3fcc7d2..fe69ad70c0f1bb2b3cefd7387cb8837137079f83 100644 (file)
@@ -330,21 +330,6 @@ class OC{
 
                self::checkInstalled();
                self::checkSSL();
-
-               // CSRF protection
-               if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
-               $refererhost=parse_url($referer);
-               if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
-               $server=OC_Helper::serverHost();
-               $serverhost=explode(':',$server);
-               $serverhost=$serverhost['0'];
-               if(!self::$CLI){
-                       if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
-                               $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
-                               header("Location: $url");
-                               exit();
-                       }
-               }
                self::initSession();
                self::initTemplateEngine();
                self::checkUpgrade();
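Review bot: With the Referer comparison gone, nothing between `self::checkSSL();` and `self::initSession();` on the new side validates where a POST came from, and the hunk shows no replacement CSRF control. The commit's reasoning holds: the header can be absent or stripped, and the old code redirected any POST that arrived without one. But unless a per-session request token is verified elsewhere, which is not visible here, state-changing POSTs are left without cross-site request forgery protection. At minimum leave a marker where the check was, e.g. `// CSRF: Referer check removed as unreliable; every state-changing POST handler must verify the session request token.`, and land the token verification with or before this change. The enclosing method starts and ends outside the hunk.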