From d625c9722ac512f873b3dcb8182e5ffaddc36c3c Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Tue, 12 Jul 2022 21:00:33 +0200
Subject: [PATCH] Fix for an boring PHP Notice in vesta-php

---
 web/inc/secure_login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index 3ae149d5..7f8c8d15 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -63,7 +63,8 @@ function prevent_post_csrf ($hard_check=false) {
             if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = '';
         }
         $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-        $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
+        if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
+        else $_SERVER['HTTP_ORIGIN']='';
         if ($hard_check == false) {
             if (substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "file:///" && substr($_SERVER['HTTP_ORIGIN'], 0, 7) != "http://" && substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "https://") return;
         }