From c4ff7003c59112bc3bf4c34f117da8f3164154b3 Mon Sep 17 00:00:00 2001
From: Jamie Cameron
Date: Fri, 21 Sep 2012 10:03:55 -0700
Subject: [PATCH] Check referer port too
---
 web-lib-funcs.pl | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/web-lib-funcs.pl b/web-lib-funcs.pl
index 1342bab5d..f68deb920 100755
--- a/web-lib-funcs.pl
+++ b/web-lib-funcs.pl
@@ -4460,10 +4460,10 @@ my $referer_port = $r =~ /^https:/ ? 443 : 80;
 if ($r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?\[([^\]]+)\](:(\d+))?/ ||
 $r =~ /^(http|https|ftp):\/\/([^:\/]+:[^@\/]+@)?([^\/:@]+)(:(\d+))?/) {
 $referer_site = $3;
- $referer_port = $5;
+ $referer_port = $5 if ($5);
 }
 my $http_host = $ENV{'HTTP_HOST'};
-my $http_port = 80;
+my $http_port = $ENV{'SERVER_PORT'} || 80;
 if ($http_host =~ s/:(\d+)$//) {
 $http_port = $1;
 }
@@ -4474,7 +4474,8 @@ if ($0 &&
 ($ENV{'SCRIPT_NAME'} !~ /^\/(index.cgi)?$/ || $unsafe_index) &&
 ($ENV{'SCRIPT_NAME'} !~ /^\/([a-z0-9\_\-]+)\/(index.cgi)?$/i ||
 $unsafe_index) &&
- $0 !~ /(session_login|pam_login)\.cgi$/ && !$gconfig{'referer'} &&
+ $0 !~ /(session_login|pam_login)\.cgi$/ &&
+ !$gconfig{'referer'} &&
 $ENV{'MINISERV_CONFIG'} && !$main::no_referers_check &&
 $ENV{'HTTP_USER_AGENT'} !~ /^Webmin/i &&
 ($referer_site && $referer_site ne $http_host &&
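Review bot: Nothing in the visible lines compares the two ports that the first hunk computes. The condition in the second hunk still tests only `$referer_site ne $http_host` and continues past the end of the patch, so this diff cannot confirm that `$referer_port` is ever checked against `$http_port`. If that comparison sits further down, it is worth confirming it exists and is numeric (`$referer_port != $http_port`). Otherwise a Referer naming the same host on a different port would still pass the check. Separately, `$ENV{'SERVER_PORT'} || 80` applies only when the `Host` header carries no port, and behind a front-end proxy that value is presumably the back-end listening port rather than the one the browser put in the Referer, so a comment above that line such as `# SERVER_PORT is the port this server received the request on; it can differ from the client-visible port behind a proxy` would help explain unexpected rejections.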