From ba7d63e5cac1c98e28dc831112bc21dbd76aebbb Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre.alapetite@alexandra.dk>
Date: Tue, 4 Nov 2014 08:47:23 +0100
Subject: Temporarily remove scheme check in referer

If needed, we may re-introduce the check for scheme with proper support
for proxy
https://github.com/FreshRSS/FreshRSS/issues/565#issuecomment-61602425
---
 lib/lib_rss.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

(limited to 'lib')

diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index e7ca95aba..8170c7fd9 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -242,11 +242,14 @@ function is_referer_from_same_domain() {
 	$host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') .
 		(empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST']));
 	$referer = parse_url($_SERVER['HTTP_REFERER']);
-	if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] ||
-	    empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
+	if (empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) {
 		return false;
 	}
-	return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0);
+	//TODO: check 'scheme', taking into account the case of a proxy
+	if ((isset($host['port']) ? $host['port'] : 0) !== (isset($referer['port']) ? $referer['port'] : 0)) {
+		return false;
+	}
+	return true;
 }
 
 
-- 
cgit v1.2.3