author | Bart Visscher <bartv@thisnet.nl> | 2012-07-03 17:53:09 +0200 |
---|---|---|
committer | Bart Visscher <bartv@thisnet.nl> | 2012-07-04 17:51:07 +0200 |
commit | 621b83df72cdafd41e033c250a000a05b5a2eb97 (patch) | |
tree | 0521ecab33789a5415d23e9988f7787c7c944d24 /lib | |
parent | 9ea34cae43c20206e02ff12040ab558b4ba64d80 (diff) | |
download | nextcloud-server-621b83df72cdafd41e033c250a000a05b5a2eb97.tar.gz nextcloud-server-621b83df72cdafd41e033c250a000a05b5a2eb97.zip |
Remove referer check, this is unreliable. The header doesn't need to exist, or can be wrong
Diffstat (limited to 'lib')
-rw-r--r-- | lib/base.php | 15 |
1 files changed, 0 insertions, 15 deletions
diff --git a/lib/base.php b/lib/base.php
index c2b0bbef780..fe69ad70c0f 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -330,21 +330,6 @@ class OC{
 self::checkInstalled();
 self::checkSSL();
-
- // CSRF protection
- if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
- $refererhost=parse_url($referer);
- if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
- $server=OC_Helper::serverHost();
- $serverhost=explode(':',$server);
- $serverhost=$serverhost['0'];
- if(!self::$CLI){
- if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
- $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
- header("Location: $url");
- exit();
- }
- }
 self::initSession();
 self::initTemplateEngine();
 self::checkUpgrade(); |