Allow empty referer

author Joey Schulze <joey@infodrom.org>

Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)

committer Joey Schulze <joey@infodrom.org>

Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)
author Joey Schulze <joey@infodrom.org>
Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)
committer Joey Schulze <joey@infodrom.org>
Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)
diff --git a/lib/login.php b/lib/login.php

index 46e074e..8cd028e 100644 (file)
--- a/lib/login.php
+++ b/lib/login.php
@@ -14,7 +14,7 @@ function check_passwd()
  
    if ($sth === false) return false;
  
-  if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+  if ((!empty($_SERVER['HTTP_REFERER']) && substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true')
        || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
      error_log('Wrong referer or wrong request uri');
      return false;
author	Joey Schulze <joey@infodrom.org>
	Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)
committer	Joey Schulze <joey@infodrom.org>
	Sat, 23 Jul 2011 13:00:28 +0000 (15:00 +0200)