author | Georg Ehrke <dev@georgswebsite.de> | 2012-07-05 11:30:37 +0200 |
---|---|---|
committer | Georg Ehrke <dev@georgswebsite.de> | 2012-07-05 11:30:37 +0200 |
commit | aa95cf2c9866d3975d2e27d83c05e5a1c675efee (patch) | |
tree | f72b44cc6c80e33b56512b46d57e664ee895c7c8 /lib | |
parent | 7ec2d6ce85bcf4989f4fc68e505cbc77b920c54b (diff) | |
parent | 9d00f4d2fb0c881eadfedc5de6537da4133eda7b (diff) | |
Merge branch 'master' into calendar_import
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 15 | ||||
-rwxr-xr-x | lib/util.php | 9 |
2 files changed, 5 insertions, 19 deletions
diff --git a/lib/base.php b/lib/base.php
index c2b0bbef780..fe69ad70c0f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -330,21 +330,6 @@ class OC{
 self::checkInstalled();
 self::checkSSL();
-
- // CSRF protection
- if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
- $refererhost=parse_url($referer);
- if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
- $server=OC_Helper::serverHost();
- $serverhost=explode(':',$server);
- $serverhost=$serverhost['0'];
- if(!self::$CLI){
- if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
- $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
- header("Location: $url");
- exit();
- }
- }
 self::initSession();
 self::initTemplateEngine();
 self::checkUpgrade();
diff --git a/lib/util.php b/lib/util.php
index 0d9f4129442..2a7b8a922f9 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -324,16 +324,17 @@ class OC_Util {
 * Redirect to the user default page
 */
 public static function redirectToDefaultPage(){
- OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG);
 if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) {
- header( 'Location: '.$_REQUEST['redirect_url']);
+ $location = $_REQUEST['redirect_url'];
 }
 else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) {
- header( 'Location: '.OC::$WEBROOT.'/?app='.OC::$REQUESTEDAPP );
+ $location = OC::$WEBROOT.'/?app='.OC::$REQUESTEDAPP;
 }
 else {
- header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'));
+ $location = OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files');
 }
+ OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG);
+ header( 'Location: '.$location );
 exit();
 } |
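Review bot: The `redirect_url` test that now feeds `$location` in `redirectToDefaultPage()` does not confine the redirect to this site. A value starting with `//` satisfies the `[0] == '/'` branch, and if `OC::$WEBROOT` can be an empty string (install at the web root) the `substr(...) == OC::$WEBROOT` comparison holds for any value, so the `Location` header can name another host. Requiring exactly one leading slash covers the WEBROOT-prefixed case as well: `if(isset($_REQUEST['redirect_url']) && is_string($_REQUEST['redirect_url']) && preg_match('#^/(?![/\\\\])#', $_REQUEST['redirect_url'])) {`. The added `OC_Log::write` line also records this request-supplied value verbatim; unless the log backend escapes control characters (not visible here), strip CR/LF from `$location` before logging it.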