Revision 1596
Added by Dietmar almost 13 years ago
initialize.php | ||
---|---|---|
24 | 24 |
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH); |
25 | 25 |
|
26 | 26 |
if (file_exists(WB_PATH.'/framework/class.database.php')) { |
27 |
|
|
27 |
$sTmpReferer = ''; |
|
28 |
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') { |
|
29 |
$tmp0 = parse_url($_SERVER['HTTP_REFERER']); |
|
30 |
if ($tmp0 !== false) { |
|
31 |
$tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : ''; |
|
32 |
$tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : ''; |
|
33 |
$tmp1 = parse_url(WB_URL); |
|
34 |
if ($tmp1 !== false) { |
|
35 |
$tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : ''; |
|
36 |
$tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : ''; |
|
37 |
if (strpos($tmp0['host'].'/'.$tmp0['path'], $tmp1['host'].'/'.$tmp1['path'])) { |
|
38 |
$sTmpReferer = WB_URL.$tmp['path'].$tmp[fragment]; |
|
39 |
} |
|
40 |
} |
|
41 |
} |
|
42 |
} |
|
43 |
$_SERVER['HTTP_REFERER'] = $sTmpReferer; |
|
28 | 44 |
date_default_timezone_set('UTC'); |
29 | 45 |
require_once(WB_PATH.'/framework/class.database.php'); |
30 | 46 |
|
Also available in: Unified diff
highly critical security-fix
announced on http://www.darksecurity.de/advisories/2012/SSCHADV2012-003.txt