Revision 1596
Added by Dietmar almost 13 years ago
| initialize.php | ||
|---|---|---|
| 24 | 24 |
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH); |
| 25 | 25 |
|
| 26 | 26 |
if (file_exists(WB_PATH.'/framework/class.database.php')) {
|
| 27 |
|
|
| 27 |
$sTmpReferer = ''; |
|
| 28 |
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
|
|
| 29 |
$tmp0 = parse_url($_SERVER['HTTP_REFERER']); |
|
| 30 |
if ($tmp0 !== false) {
|
|
| 31 |
$tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : ''; |
|
| 32 |
$tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : ''; |
|
| 33 |
$tmp1 = parse_url(WB_URL); |
|
| 34 |
if ($tmp1 !== false) {
|
|
| 35 |
$tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : ''; |
|
| 36 |
$tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : ''; |
|
| 37 |
if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) {
|
|
| 38 |
$sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment]; |
|
| 39 |
} |
|
| 40 |
} |
|
| 41 |
} |
|
| 42 |
} |
|
| 43 |
$_SERVER['HTTP_REFERER'] = $sTmpReferer; |
|
| 28 | 44 |
date_default_timezone_set('UTC');
|
| 29 | 45 |
require_once(WB_PATH.'/framework/class.database.php'); |
| 30 | 46 |
|
Also available in: Unified diff
highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt