aboutsummaryrefslogtreecommitdiff
path: root/admin.php
diff options
context:
space:
mode:
Diffstat (limited to 'admin.php')
-rw-r--r--admin.php3
1 files changed, 1 insertions, 2 deletions
diff --git a/admin.php b/admin.php
index c51d925..6061565 100644
--- a/admin.php
+++ b/admin.php
@@ -46,10 +46,9 @@ if ( !$currentUser->isAdmin() ) {
}
@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
-
if ( $action
-&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0 // Prevent CSRF attacks
+&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0) // Prevent CSRF attacks
) {
switch ( $action ) {
case 'delete':
generated by cgit v1.2.3 (git 2.39.1) at 2024-11-15 07:03:48 +0000