@@ -35,13 +35,16 @@ function prevent_post_csrf()
3535 $ hostnameexplode (': ' , $ _SERVER 'HTTP_HOST ' ]);
3636 $ port$ hostname1 ];
3737 $ hostname$ hostname0 ];
38- if (strpos ($ _SERVER 'HTTP_ORIGIN ' ], gethostname ()) !== false && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
39- return checkStrictness (2 );
40- } else {
41- if (strpos ($ _SERVER 'HTTP_ORIGIN ' ], $ hostnamefalse && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
42- return checkStrictness (1 );
38+ if (isset ($ _SERVER 'HTTP_ORIGIN ' ])) {
39+ $ origin_hostparse_url ($ _SERVER 'HTTP_ORIGIN ' ], PHP_URL_HOST );
40+ if (strcmp ($ origin_hostgethostname ()) === 0 && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
41+ return checkStrictness (2 );
4342 } else {
44- return checkStrictness (0 );
43+ if (strcmp ($ origin_host$ hostname0 && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
44+ return checkStrictness (1 );
45+ } else {
46+ return checkStrictness (0 );
47+ }
4548 }
4649 }
4750 }
@@ -60,10 +63,11 @@ function prevent_get_csrf()
6063 return true ;
6164 }
6265 if (isset ($ _SERVER 'HTTP_REFERER ' ])) {
63- if (strpos ($ _SERVER 'HTTP_REFERER ' ], gethostname ()) !== false && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
66+ $ referrer_hostparse_url ($ _SERVER 'HTTP_REFERER ' ], PHP_URL_HOST );
67+ if (strcmp ($ referrer_hostgethostname ()) === 0 && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
6468 return checkStrictness (2 );
6569 } else {
66- if (strpos ( $ _SERVER [ ' HTTP_REFERER ' ] , $ hostname!== false && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
70+ if (strcmp ( $ referrer_host $ hostname=== 0 && in_array ($ portarray ('443 ' ,$ _SERVER 'SERVER_PORT ' ]))) {
6771 return checkStrictness (1 );
6872 } else {
6973 return checkStrictness (0 );
0 commit comments