
Revision 1596

Added by Dietmar over 12 years ago

highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt

View differences:

initialize.php
24 24
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
25 25

  
26 26
if (file_exists(WB_PATH.'/framework/class.database.php')) {
27

  
27
	$sTmpReferer = '';
28
	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
29
	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);
30
	        if ($tmp0 !== false) {
31
	                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
32
	                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
33
	                $tmp1 = parse_url(WB_URL);
34
	                if ($tmp1 !== false) {
35
	                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
36
	                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
37
	                        if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) {
38
	                                $sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment];
39
	                        }
40
	                }
41
	        }
42
	}
43
	$_SERVER['HTTP_REFERER'] = $sTmpReferer;
28 44
	date_default_timezone_set('UTC');
29 45
	require_once(WB_PATH.'/framework/class.database.php');
30 46
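Review bot: The `strpos(...)` result on new line 37 is used as a boolean, so a match at offset 0 evaluates to false, even though that is the only position where the Referer really begins with the site's own host and path. A match further into the string is accepted instead, so the test should be explicit: `if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path']) === 0) {`. On new line 38 the assignment reads `$tmp`, which is never defined in the visible lines, and uses `fragment` as an unquoted key, so the sanitised value collapses to `WB_URL` alone. It presumably should be built from `$tmp0['path']` and `isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : ''`. Prepending `WB_URL` to the full Referer path would also repeat WB_URL's own path component when the site is installed in a subdirectory, and the enclosing `if (file_exists(...))` block continues past the end of this section.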

  
