Diffstat (limited to 'lib/base.php')
-rw-r--r-- | lib/base.php | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/base.php b/lib/base.php
index 5118f647134..1e28ea1ccfd 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -363,6 +363,16 @@ class OC{
 self::checkInstalled();
 self::checkSSL();
+ // CSRF protection
+ if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
+ if(isset($_SERVER['HTTPS']) and $_SERVER['HTTPS']<>'') $protocol='https://'; else $protocol='http://';
+ $server=$protocol.$_SERVER['SERVER_NAME'];
+ if(($_SERVER['REQUEST_METHOD']=='POST') and (substr($referer,0,strlen($server))<>$server)) {
+ $url = $protocol.$_SERVER['SERVER_NAME'].OC::$WEBROOT.'/index.php';
+ header("Location: $url");
+ exit();
+ }
+
 self::initSession();
 self::initTemplateEngine();
 self::checkUpgrade(); |
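Review bot: The origin check on the added `if(($_SERVER['REQUEST_METHOD']=='POST') ...` line is a bare string-prefix comparison of the Referer against `$protocol.$_SERVER['SERVER_NAME']`, so any referer whose host merely begins with the server name (a longer hostname under a different domain) passes the check; compare the parsed host instead of a prefix, e.g. `$refererHost = (string) parse_url($referer, PHP_URL_HOST);` and `if(($_SERVER['REQUEST_METHOD']=='POST') and (strcasecmp($refererHost, $_SERVER['SERVER_NAME'])!==0)) {`. Two further caveats: `$_SERVER['HTTPS']<>''` treats the value `off` (which some servers send for plain HTTP) as HTTPS, so the protocol detection should also test for `off`, and `SERVER_NAME` is presumably derived from the request's Host header on some configurations, which is worth confirming before it is relied on as the trusted origin. A Referer-based check also rejects every legitimate POST from clients that omit the header, so the `// CSRF protection` comment should state that a missing Referer is deliberately treated as a failed check. The enclosing method starts and ends outside the hunk.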