From b2d7c5a1fd6525a91c4e1227ee16797a1f0e1f37 Mon Sep 17 00:00:00 2001
From: myvesta <38690722+myvesta@users.noreply.github.com>
Date: Tue, 12 Jul 2022 20:40:20 +0200
Subject: [PATCH] Fix for PHP Notice in vesta-php

---
 web/inc/secure_login.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/web/inc/secure_login.php b/web/inc/secure_login.php
index b9e2115c6..3ae149d5f 100644
--- a/web/inc/secure_login.php
+++ b/web/inc/secure_login.php
@@ -91,7 +91,8 @@ function prevent_get_csrf () {
     if (isset($_SERVER['SERVER_PORT']) == false) return;
     if (isset($_SERVER['HTTP_REFERER']) == false) return;
     $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
-    $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
+    if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
+    else $_SERVER['HTTP_ORIGIN']='';
     if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return;
     $host_arr = explode(":", $_SERVER['HTTP_HOST']);
     $hostname = $host_arr[0];