mirror of
https://bitbucket.org/jsuto/piler.git
synced 2024-12-24 18:40:13 +01:00
Added http_referer check for logged in users
Signed-off-by: Janos SUTO <sj@acts.hu>
parent
59c9a80964
commit
ef458a08f9
@ -74,6 +74,10 @@ else if($session->get("four_eyes") == 1 && $request->get['route'] != 'login/logo
|
|||||||
}
|
}
|
||||||
else if(Registry::get('username')) {
|
else if(Registry::get('username')) {
|
||||||
|
|
||||||
|
// Check the Referer header which must be present after we are authenticated
|
||||||
|
if(!isset($_SERVER['HTTP_REFERER'])) die("missing HTTP_REFERER");
|
||||||
|
if(strpos($_SERVER['HTTP_REFERER'], SITE_URL) === false) die("invalid HTTP_REFERER");
|
||||||
|
|
||||||
if(isset($request->get['route'])){
|
if(isset($request->get['route'])){
|
||||||
$action = new Router($request->get['route']);
|
$action = new Router($request->get['route']);
|
||||||
}
|
}
|
||||||
|
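Review bot: The `strpos($_SERVER['HTTP_REFERER'], SITE_URL) === false` test on the added "invalid HTTP_REFERER" line accepts any Referer that contains SITE_URL anywhere in the string, including in the path or query of a URL on another origin, so it does not show that the request came from this site. Comparing the parsed host is stricter: `if(parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST) !== parse_url(SITE_URL, PHP_URL_HOST)) die("invalid HTTP_REFERER");`, extended to the scheme and port if SITE_URL fixes them. The `!isset` line before it also ends every authenticated request that carries no Referer, which covers bookmarks, typed URLs and clients or referrer policies that strip the header. The Referer is best treated as a secondary signal, with a per-session token on state-changing requests as the primary check. The enclosing `else if(Registry::get('username'))` branch continues outside the hunk, so whether any routes are meant to be exempt cannot be judged from here.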