From 621b83df72cdafd41e033c250a000a05b5a2eb97 Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Tue, 3 Jul 2012 17:53:09 +0200 Subject: Remove referer check, this is unreliable. The header doesnt need te exist, or can be wrong --- lib/base.php | 15 --------------- 1 file changed, 15 deletions(-) (limited to 'lib') diff --git a/lib/base.php b/lib/base.php index c2b0bbef780..fe69ad70c0f 100644 --- a/lib/base.php +++ b/lib/base.php @@ -330,21 +330,6 @@ class OC{ self::checkInstalled(); self::checkSSL(); - - // CSRF protection - if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer=''; - $refererhost=parse_url($referer); - if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost=''; - $server=OC_Helper::serverHost(); - $serverhost=explode(':',$server); - $serverhost=$serverhost['0']; - if(!self::$CLI){ - if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) { - $url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php'; - header("Location: $url"); - exit(); - } - } self::initSession(); self::initTemplateEngine(); self::checkUpgrade(); -- cgit v1.2.3 From 280c59e91482660fb9a6f3ccf3f4b6df97883f5c Mon Sep 17 00:00:00 2001 From: Bart Visscher Date: Tue, 3 Jul 2012 17:54:12 +0200 Subject: More helpfull debug msg for redirectToDefaultPage --- lib/util.php | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/util.php b/lib/util.php index 0d9f4129442..2a7b8a922f9 100755 --- a/lib/util.php +++ b/lib/util.php 
@@ -324,16 +324,17 @@ class OC_Util { * Redirect to the user default page */ public static function redirectToDefaultPage(){ - OC_Log::write('core','redirectToDefaultPage',OC_Log::DEBUG); if(isset($_REQUEST['redirect_url']) && (substr($_REQUEST['redirect_url'], 0, strlen(OC::$WEBROOT)) == OC::$WEBROOT || $_REQUEST['redirect_url'][0] == '/')) { - header( 'Location: '.$_REQUEST['redirect_url']); + $location = $_REQUEST['redirect_url']; } else if (isset(OC::$REQUESTEDAPP) && !empty(OC::$REQUESTEDAPP)) { - header( 'Location: '.OC::$WEBROOT.'/?app='.OC::$REQUESTEDAPP ); + $location = OC::$WEBROOT.'/?app='.OC::$REQUESTEDAPP; } else { - header( 'Location: '.OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files')); + $location = OC::$WEBROOT.'/'.OC_Appconfig::getValue('core', 'defaultpage', '?app=files'); } + OC_Log::write('core', 'redirectToDefaultPage: '.$location, OC_Log::DEBUG); + header( 'Location: '.$location ); exit(); } -- cgit v1.2.3
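Review bot: The `redirect_url` test at the top of redirectToDefaultPage() accepts any value whose first character is `/`, so a protocol-relative value such as `//other-host/path` passes and the `Location` header sends the browser off-site. If `OC::$WEBROOT` is ever the empty string, the `substr` comparison is also true for every value. This commit leaves that test unchanged and additionally writes the request-supplied string to the debug log, where embedded control characters could forge log lines unless OC_Log escapes them (not visible here). I would accept only a string that is a single-slash local path, rejecting `//` and `/\` prefixes, and strip control characters before logging, as sketched below. The enclosing class OC_Util continues outside the hunk.

```php
	public static function redirectToDefaultPage(){
		$requested = (isset($_REQUEST['redirect_url']) && is_string($_REQUEST['redirect_url']))
			? $_REQUEST['redirect_url'] : '';
		// Same-site absolute path only: one leading '/', never '//' or '/\',
		// which browsers resolve as a different host.
		$isLocalPath = strlen($requested) > 0
			&& $requested[0] === '/'
			&& (strlen($requested) === 1 || ($requested[1] !== '/' && $requested[1] !== '\\'));
		if($isLocalPath) {
			$location = $requested;
		}
		// … unchanged: REQUESTEDAPP and defaultpage branches …
		// Drop control characters so a request parameter cannot inject extra log lines.
		OC_Log::write('core', 'redirectToDefaultPage: '.preg_replace('/[\x00-\x1F\x7F]/', '', $location), OC_Log::DEBUG);
		// … unchanged: header() and exit() …
```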