diff options
author | Christian Weiske <cweiske@cweiske.de> | 2011-11-01 06:49:45 +0100 |
---|---|---|
committer | Christian Weiske <cweiske@cweiske.de> | 2011-11-01 06:49:45 +0100 |
commit | 0203feae1c622d6c2463157a54a8572fd1ca7b91 (patch) | |
tree | 2e5eba2ab8b93fc29e7c6dbbdb1be62d84b40541 | |
parent | db6011331290fcbe453b3f5b5560c59f60c4ee34 (diff) | |
parent | d97b4589ade2dbde4048cfdce284f1b5b8bc9c6d (diff) | |
download | semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.gz semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.bz2 |
Merge branch '0.98'
-rw-r--r-- | doc/ChangeLog | 1 | ||||
-rw-r--r-- | www/admin.php | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 50015c8..3bcd37b 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -10,6 +10,7 @@ ChangeLog for SemantiScuttle - Fix bug #3393951: Logo images missing on bookmark page - Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions - Fix bug #3399815: PHP error in opensearch API in 0.98.3 +- Fix bug #3407728: Can't delete users from admin page 0.98.3 - 2011-08-09 diff --git a/www/admin.php b/www/admin.php index 1dc21bd..f9b9b8d 100644 --- a/www/admin.php +++ b/www/admin.php @@ -47,8 +47,9 @@ if ( !$currentUser->isAdmin() ) { @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL; -if ( $action -&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0) // Prevent CSRF attacks +if ($action + && (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6) + // Prevent CSRF attacks. 6 is needed for "//example.org"-root urls ) { switch ( $action ) { case 'delete': |