Bug fix: correct CSRF protection
authormensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>
Thu, 27 Nov 2008 10:31:03 +0000 (10:31 +0000)
committermensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>
Thu, 27 Nov 2008 10:31:03 +0000 (10:31 +0000)
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@178 b3834d28-1941-0410-a4f8-b48e95affb8f

admin.php

index 48adacb8d26b4308689f09cbfacf956c2ef1fc36..c5484807e32085cc0710172d2cc32be3845c4544 100644 (file)
--- a/admin.php
+++ b/admin.php
@@ -44,11 +44,10 @@ if ( !$currentUser->isAdmin() ) {
        exit();\r
 }\r
 \r
-@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;\r
-
+@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
 \r
 if ( $action
-&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0  // Prevent CSRF attacks
+&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0  // Prevent CSRF attacks
 ) {\r
        switch ( $action ) {\r
                case 'delete':\r
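Review bot: The `strpos(...) === 0` condition reads `$_SERVER['HTTP_REFERER']` without checking that it is set, and it leaves the Referer header as the only CSRF control for the admin actions. With `===` a missing header now fails closed, but it still raises an undefined-index notice. I would guard it explicitly: `&& isset($_SERVER['HTTP_REFERER']) && strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0`. Because Referer can be stripped by proxies or privacy settings, and the prefix match accepts any page under that prefix, a per-session token verified on a POST request would be a more dependable check for destructive cases such as `delete`. `ROOT` is defined outside this hunk and the `switch` body continues past it, so whether `ROOT` is absolute and which other actions are affected cannot be confirmed from here.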