michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-03-20 16:50:24 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

Check referer port too

Browse Source
This commit is contained in:
Jamie Cameron
2012-09-21 10:03:55 -07:00
parent 449ef784f9
commit c4ff7003c5
1 changed files with 4 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
web-lib-funcs.pl
View File

@@ -4460,10 +4460,10 @@ my $referer_port = $r =~ /^https:/ ? 443 : 80;
if ($r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?\[([^\]]+)\](:(\d+))?/ ||
$r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?([^\/:@]+)(:(\d+))?/) {
$referer_site = $3;
$referer_port = $5;
$referer_port = $5 if ($5);
}
my $http_host = $ENV{'HTTP_HOST'};
my $http_port = 80;
my $http_port = $ENV{'SERVER_PORT'} || 80;
if ($http_host =~ s/:(\d+)$//) {
$http_port = $1;
}
@@ -4474,7 +4474,8 @@ if ($0 &&
($ENV{'SCRIPT_NAME'} !~ /^\/(index.cgi)?$/ || $unsafe_index) &&
($ENV{'SCRIPT_NAME'} !~ /^\/([a-z0-9\_\-]+)\/(index.cgi)?$/i ||
$unsafe_index) &&
$0 !~ /(session_login|pam_login)\.cgi$/ && !$gconfig{'referer'} &&
$0 !~ /(session_login|pam_login)\.cgi$/ &&
!$gconfig{'referer'} &&
$ENV{'MINISERV_CONFIG'} && !$main::no_referers_check &&
$ENV{'HTTP_USER_AGENT'} !~ /^Webmin/i &&
($referer_site && $referer_site ne $http_host &&