Merge branch '0.98'

author: Christian Weiske <cweiske@cweiske.de> 2011-11-01 06:49:45 +0100
committer: Christian Weiske <cweiske@cweiske.de> 2011-11-01 06:49:45 +0100
commit: 0203feae1c622d6c2463157a54a8572fd1ca7b91 (patch)
tree: 2e5eba2ab8b93fc29e7c6dbbdb1be62d84b40541 /www/admin.php
parent: db6011331290fcbe453b3f5b5560c59f60c4ee34 (diff)
parent: d97b4589ade2dbde4048cfdce284f1b5b8bc9c6d (diff)
download: semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.gz
semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.bz2
1 files changed, 3 insertions, 2 deletions
diff --git a/www/admin.php b/www/admin.php
index 1dc21bd..f9b9b8d 100644
--- a/www/admin.php
+++ b/www/admin.php
@@ -47,8 +47,9 @@ if ( !$currentUser->isAdmin() ) {
 
 @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
 
-if ( $action
-&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0)  // Prevent CSRF attacks
+if ($action
+    && (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6)
+    // Prevent CSRF attacks. 6 is needed for "//example.org"-root urls
 ) {
 	switch ( $action ) {
 		case 'delete':
author	Christian Weiske <cweiske@cweiske.de>	2011-11-01 06:49:45 +0100
committer	Christian Weiske <cweiske@cweiske.de>	2011-11-01 06:49:45 +0100
commit	0203feae1c622d6c2463157a54a8572fd1ca7b91 (patch)
tree	2e5eba2ab8b93fc29e7c6dbbdb1be62d84b40541 /www/admin.php
parent	db6011331290fcbe453b3f5b5560c59f60c4ee34 (diff)
parent	d97b4589ade2dbde4048cfdce284f1b5b8bc9c6d (diff)
download	semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.gz semanticscuttle-0203feae1c622d6c2463157a54a8572fd1ca7b91.tar.bz2