github/vesta
1
0
Fork 0
mirror of https://github.com/serghey-rodin/vesta.git synced 2025-08-21 13:54:26 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix for an boring PHP Notice in vesta-php

Browse source
This commit is contained in:
myvesta 2022-07-12 21:08:30 +02:00 committed by GitHub
commit bc67f1028a
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

5
web/inc/secure_login.php
View file

@ -63,8 +63,7 @@ function prevent_post_csrf ($hard_check=false) {
if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = ''; if (isset($_SERVER['HTTP_ORIGIN']) == false) $_SERVER['HTTP_ORIGIN'] = '';
} }
$_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']); $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']); $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
else $_SERVER['HTTP_ORIGIN']='';
if ($hard_check == false) { if ($hard_check == false) {
if (substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "file:///" && substr($_SERVER['HTTP_ORIGIN'], 0, 7) != "http://" && substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "https://") return; if (substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "file:///" && substr($_SERVER['HTTP_ORIGIN'], 0, 7) != "http://" && substr($_SERVER['HTTP_ORIGIN'], 0, 8) != "https://") return;
} }
@ -92,8 +91,6 @@ function prevent_get_csrf () {
if (isset($_SERVER['SERVER_PORT']) == false) return; if (isset($_SERVER['SERVER_PORT']) == false) return;
if (isset($_SERVER['HTTP_REFERER']) == false) return; if (isset($_SERVER['HTTP_REFERER']) == false) return;
$_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']); $_SERVER['HTTP_HOST'] = strtolower($_SERVER['HTTP_HOST']);
if (isset($_SERVER['HTTP_ORIGIN'])) $_SERVER['HTTP_ORIGIN'] = strtolower($_SERVER['HTTP_ORIGIN']);
else $_SERVER['HTTP_ORIGIN']='';
if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return; if (substr($_SERVER['HTTP_REFERER'], 0, 8) != "file:///" && substr($_SERVER['HTTP_REFERER'], 0, 7) != "http://" && substr($_SERVER['HTTP_REFERER'], 0, 8) != "https://") return;
$host_arr = explode(":", $_SERVER['HTTP_HOST']); $host_arr = explode(":", $_SERVER['HTTP_HOST']);
$hostname = $host_arr[0]; $hostname = $host_arr[0];