From: mensonge <mensonge@b3834d28-1941-0410-a4f8-b48e95affb8f>
Date: Thu, 27 Nov 2008 10:31:03 +0000 (+0000)
Subject: Bug fix: correct CSRF protection
X-Git-Tag: v0.91~34
X-Git-Url: https://gitweb.fluxo.info/?a=commitdiff_plain;h=96dfa82af5d9fd27b87eeef0ba877b022845e240;p=semanticscuttle.git

Bug fix: correct CSRF protection

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@178 b3834d28-1941-0410-a4f8-b48e95affb8f
---

diff --git a/admin.php b/admin.php
index 48adacb..c548480 100644
--- a/admin.php
+++ b/admin.php
@@ -44,11 +44,10 @@ if ( !$currentUser->isAdmin() ) {
 	exit();
 }
 
-@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
-
+@list($url, $action, $user) = isset($_SERVER['PATH_INFO']) ? explode('/', $_SERVER['PATH_INFO']) : NULL;
 
 if ( $action
-&& strpos($_SERVER['HTTP_REFERER'], ROOT.'/admin.php') == 0  // Prevent CSRF attacks
+&& strpos($_SERVER['HTTP_REFERER'], ROOT.'admin.php') === 0  // Prevent CSRF attacks
 ) {
 	switch ( $action ) {
 		case 'delete':