diff options
| author |  Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
| 2014-11-04 08:47:23 +0100 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
| 2014-11-04 08:47:23 +0100 |
| commit | ba7d63e5cac1c98e28dc831112bc21dbd76aebbb (patch) | |
| tree | 8ee8f9068ae7c76b041d49e5dddd6b10d9f6a59e /lib/lib_rss.php | |
| parent | 2046766a8845457af21e85aa02e6812acdfabc7a (diff) | |
Temporarily remove scheme check in referer
If needed, we may re-introduce the check for scheme with proper support
for proxy
https://github.com/FreshRSS/FreshRSS/issues/565#issuecomment-61602425
Diffstat (limited to 'lib/lib_rss.php')
| -rw-r--r-- | lib/lib_rss.php | 9 |
1 files changed, 6 insertions, 3 deletions
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e7ca95aba..8170c7fd9 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -242,11 +242,14 @@ function is_referer_from_same_domain() { $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') . (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'])); $referer = parse_url($_SERVER['HTTP_REFERER']); - if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] || - empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) { + if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) { return false; } - return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0); + //TODO: check 'scheme', taking into account the case of a proxy + if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) { + return false; + } + return true; } |