]> gitweb.fluxo.info Git - semanticscuttle.git/commitdiff
projects / semanticscuttle.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e81599e)
Fix bug #3407728: Can't delete users from admin page
authorChristian Weiske <cweiske@cweiske.de>
Tue, 1 Nov 2011 05:49:40 +0000 (06:49 +0100)
committerChristian Weiske <cweiske@cweiske.de>
Tue, 1 Nov 2011 05:49:40 +0000 (06:49 +0100)
doc/ChangeLog patch | blob | history
www/admin.php patch | blob | history

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 50015c8f95780fb3ebddbae641e3999c3cfe27ba..3bcd37b8441b55cde2d62d5b90c33d753be2fe71 100644 (file)
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -10,6 +10,7 @@ ChangeLog for SemantiScuttle
 - Fix bug #3393951: Logo images missing on bookmark page
 - Fix bug #3388219: Incorrect URL when cancelling tag2tag-actions
 - Fix bug #3399815: PHP error in opensearch API in 0.98.3
+- Fix bug #3407728: Can't delete users from admin page
 
 
 0.98.3 - 2011-08-09
diff --git a/www/admin.php b/www/admin.php
index 1dc21bd769a2a35bcf8a1326c6159b9536646b5b..f9b9b8d8655ad987ee79c9cd9ee61154fb314f09 100644 (file)
--- a/www/admin.php
+++ b/www/admin.php
@@ -47,8 +47,9 @@ if ( !$currentUser->isAdmin() ) {
 
 @list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
 
-if ( $action
-&& (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') === 0)  // Prevent CSRF attacks
+if ($action
+    && (strpos($_SERVER['HTTP_REFERER'], ROOT.'admin') <= 6)
+    // Prevent CSRF attacks. 6 is needed for "//example.org"-root urls
 ) {
        switch ( $action ) {
                case 'delete':
Self-hosted and web-based social bookmark manager