Banshee
the secure PHP framework

Forum

XSRF detection with non-standard port

Error
24 june 2011, 18:34
Hi,

I'm not sure if this is my bug or yours.
I'm getting this XSRF message in my action log file:
XSRF attempt from http://abc.dyndns.org:8888/admin blocked

I also logged the following variables:
$_SERVER["HTTP_Host"] = abc.dyndns.org
$referer_host = abc.dyndns.org:8888

It appears that the non-standard port number is confusing the XSRF detection, but I could be wrong.

Any ideas?

Thanks,

E.

Banshee version: 3.2
PHP version: 5.3.2
MySQL version: 14.14
Webserver: Hiawatha 6.17.1
Hugo Leisink
24 june 2011, 18:54
Try adding the following line to prevent_csrf() in libraries/security.php. Place it below the existing list() call.
list($referer_host) = explode(":", $referer_host);
Error
24 june 2011, 19:15
Thanks for the quick reply!

That worked for me.

-E
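
The same referer check written so that port numbers and IPv6 literals are handled by parse_url() instead of splitting on ":". This is an added example, not part of the original thread and not Banshee's own prevent_csrf(); the function names and sample values are hypothetical, and PHP 7.1 or later is assumed.

```php
<?php
// Added example: hypothetical helpers, not code from Banshee's libraries/security.php.

// Return the lowercase hostname from a Host header value ("host", "host:port",
// "[v6]:port"), or null when the value contains anything besides host and port.
function host_from_header(string $value): ?string {
    $parts = parse_url("http://" . $value);
    if ($parts === false || !isset($parts["host"])) {
        return null;
    }
    // A path, query or user info in a Host header is not a plain host[:port].
    if (array_diff_key($parts, array("scheme" => 1, "host" => 1, "port" => 1))) {
        return null;
    }
    return strtolower($parts["host"]);
}

// True when the Referer URL points at the same hostname as the Host header.
// Ports are ignored on both sides, as in the fix suggested in this thread.
function referer_matches_host(string $host_header, string $referer): bool {
    $own = host_from_header($host_header);
    $ref = parse_url($referer);
    if ($own === null || $ref === false || !isset($ref["host"])) {
        return false;
    }
    return strtolower($ref["host"]) === $own;
}

// Constructed sample pairs: Host header value, Referer header value.
$samples = array(
    // The situation from this thread: Host without port, Referer with port.
    array("abc.dyndns.org", "http://abc.dyndns.org:8888/admin"),
    // Port present on both sides.
    array("abc.dyndns.org:8888", "http://abc.dyndns.org:8888/admin"),
    // IPv6 literal: splitting on ":" would cut the address itself.
    array("[::1]:8080", "http://[::1]:8080/admin"),
    // Own hostname used as a prefix of a foreign hostname.
    array("abc.dyndns.org", "http://abc.dyndns.org.example.net/admin"),
    // Own hostname placed in the user-info part of a foreign URL.
    array("abc.dyndns.org", "http://abc.dyndns.org@example.net/admin"),
);

foreach ($samples as $pair) {
    printf("%-22s %-45s %s\n", $pair[0], $pair[1],
        referer_matches_host($pair[0], $pair[1]) ? "same host" : "blocked");
}
```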