* [Security] Redirection of comment.php now checks the referrer
  and only allows the blog's host (thanks to Lee Sheldon Victor)
Garvin Hicking 2017-01-12 12:02:27 +01:00
parent a48708021c
commit 6285933470
2 changed files with 4 additions and 1 deletion

@ -11,7 +11,7 @@ header('Content-Type: text/html; charset=' . LANG_CHARSET);
if (isset($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type'])) {
serendipity_deleteComment($serendipity['GET']['delete'], $serendipity['GET']['entry'], $serendipity['GET']['type']);
if (serendipity_isResponseClean($_SERVER['HTTP_REFERER'])) {
if (serendipity_isResponseClean($_SERVER['HTTP_REFERER']) && preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU')) {
header('Status: 302 Found');
header('Location: '. $_SERVER['HTTP_REFERER']);
exit;
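Review bot: the new `preg_match(...)` on the changed `if` line is missing its subject argument, so the referrer is never passed to it; the call fails (warning and NULL on PHP 7, ArgumentCountError on PHP 8), the condition is never true, and the redirect is effectively disabled rather than restricted. It should read `preg_match('@^https?://' . preg_quote($_SERVER['HTTP_HOST'], '@') . '@imsU', $_SERVER['HTTP_REFERER'])`. Two further points on the same line: `$_SERVER['HTTP_REFERER']` may be absent, so guard both calls with `isset()`; and the pattern is anchored only at the start with no host boundary, so a referrer whose host merely begins with the blog's host name (for example `https://example.com.attacker.example/...` when the blog is `example.com`) would pass. Ending the pattern with `(/|$)`, or comparing `parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)` against the expected host, is stricter. Finally, `$_SERVER['HTTP_HOST']` is supplied by the client request; comparing against the configured blog base URL avoids building the allow-list from a value the requester controls, and the `m` modifier (which lets `^` match after an embedded newline) is unnecessary here and relies on `serendipity_isResponseClean()` having rejected CR/LF first.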

@ -17,6 +17,9 @@ Version 2.1 ()
* [Security] Reject %0D/%0A in exit tracking and other places
(Issue #434)
* [Security] Redirection of comment.php now checks the referrer
and only allows the blog's host (thanks to Lee Sheldon Victor)
* Disabled Selenium test files unless enabled
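Review bot: the new NEWS entry carries no issue or advisory reference, unlike the preceding `(Issue #434)` line; if a tracker entry exists for the referrer-redirect fix, adding it in the same `(Issue #...)` form keeps the changelog traceable.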