Temporary fix for a fat CSRF issue
nightsh committed Dec 30, 2013
1 parent 6f90cc6 commit ac0fae4
Showing 2 changed files with 21 additions and 0 deletions.
6 changes: 6 additions & 0 deletions config.local.php
@@ -1,5 +1,11 @@
<?php

$origin = parse_url($_SERVER['HTTP_REFERER']);

if($origin['host'] != 'theblacksea.eu') {
die('Warning, access forbidden!');
}

$publicDir = $_SERVER['DOCUMENT_ROOT'];
$publicUrl = 'http://'.$_SERVER['HTTP_HOST'];

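Review bot: The Referer check added at L19–L23 runs on every request and treats a missing header as foreign, so any visitor arriving without a Referer (typed URL, bookmark, privacy extensions, a page served with `Referrer-Policy: no-referrer`) hits `die('Warning, access forbidden!')` even on a plain GET; if this config is loaded for the public site rather than an admin area, that locks out all direct traffic — worth verifying where it is included. The rejection is also sent with status 200, the comparison is loose (`!=`) and case-sensitive against a single hard-coded host, and `parse_url()` is fed `$_SERVER['HTTP_REFERER']` unconditionally, which raises a notice when the key is absent. I would restrict the check to state-changing methods, prefer the `Origin` header and fall back to Referer, compare a lower-cased host strictly, and emit a 403 before exiting, as below — assuming the application only mutates state via POST; if it still uses GET for actions the narrowing must not be applied. Either way this stays a stop-gap, as the commit message says; the durable fix is a per-session synchronizer token on forms.

```php
<?php

// Temporary CSRF stop-gap: state-changing requests must prove a same-site source.
// Origin/Referer can legitimately be absent (typed URLs, privacy tools, no-referrer
// pages), so safe methods are left alone; a synchronizer token is still the real fix.
$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : 'GET';
if (!in_array($method, array('GET', 'HEAD', 'OPTIONS'), true)) {
    $source = '';
    if (isset($_SERVER['HTTP_ORIGIN'])) {
        $source = $_SERVER['HTTP_ORIGIN'];
    } elseif (isset($_SERVER['HTTP_REFERER'])) {
        $source = $_SERVER['HTTP_REFERER'];
    }
    $host = parse_url($source, PHP_URL_HOST);
    if (!is_string($host) || strtolower($host) !== 'theblacksea.eu') {
        header('HTTP/1.1 403 Forbidden');
        die('Warning, access forbidden!');
    }
}
// … unchanged: $publicDir / $publicUrl …
```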
15 changes: 15 additions & 0 deletions config.php
Expand Up @@ -147,4 +147,19 @@
$_CONFIG =& $_DEFAULTS;
}

// Temporary fix for some CSRF issues
// Deny all requests not coming from the same domain
// FIXME: Refactor this, integrate in core app
//
// To apply this, copy and uncomment the following snippet to config.local.php

/*
$origin = parse_url($_SERVER['HTTP_REFERER']);
if($origin['host'] != 'theblacksea.eu') {
die('Warning, access forbidden!');
}
*/


?>
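Review bot: The comment at L35–L39 says the snippet denies requests "not coming from the same domain", but as written it also denies every request that carries no Referer at all, on any HTTP method — a limitation whoever copies it into config.local.php should know before enabling it. I would extend the comment with `// NOTE: also rejects requests with no Referer (typed URLs, bookmarks, privacy tools), including GET;` and `// scope it to state-changing requests and replace it with a synchronizer token before relying on it.` The hard-coded `theblacksea.eu` also means the snippet is not a generic template; the comment should say the host must be edited per deployment.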
