github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-14 10:37:39 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Preventing uploads from other origin

Browse source
This commit is contained in:
Anton Reutov 2021-07-27 14:56:35 +03:00 committed by GitHub
commit 8a60b257a2
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

7
web/upload/UploadHandler.php
View file

@ -2,6 +2,13 @@
//session_start();
$hostname = exec('hostname');
$port = $_SERVER['SERVER_PORT'];
$expected_http_origin="https://".$hostname.":".$port;
if ($_SERVER['HTTP_ORIGIN'] != $expected_http_origin) {
die ("Nope.");
}
include($_SERVER['DOCUMENT_ROOT']."/inc/main.php");
// Check login_as feature