
remove referer

causefx 7 年之前
父節點
當前提交
5d331b9c39
共有 1 個文件被更改,包括 6 次插入18 次删除
  1. 6 18
      api/functions/organizr-functions.php

+ 6 - 18
api/functions/organizr-functions.php

@@ -378,25 +378,13 @@ function isApprovedRequest($method)
 	if (strlen($requesterToken) == 20 && $requesterToken == $GLOBALS['organizrAPI']) {
 		//DO API CHECK
 		return true;
-	} elseif (isset($_SERVER['HTTP_REFERER'])) {
-		if (strpos($_SERVER['HTTP_REFERER'], '?') !== false) {
-			$referer = explode('?', $_SERVER['HTTP_REFERER'])[0];
-		} elseif (strpos($_SERVER['HTTP_REFERER'], '#') !== false) {
-			$referer = explode('#', $_SERVER['HTTP_REFERER'])[0];
-		} else {
-			$referer = $_SERVER['HTTP_REFERER'];
-		}
-		if ($referer == getServerPath(false)) {
-			if ($method == 'POST') {
-				$formKey = (isset($_POST['data']['formKey'])) ? $_POST['data']['formKey'] : '';
-				if (password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey)) {
-					return true;
-				}
-			} else {
-				return true;
-			}
-			
+	} elseif ($method == 'POST') {
+		$formKey = (isset($_POST['data']['formKey'])) ? $_POST['data']['formKey'] : '';
+		if (password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey)) {
+			return true;
 		}
+	} else {
+		return true;
 	}
 	return false;
 }
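Review bot: The final `} else { return true; }` branch approves every non-POST request with no token, form key or origin check, so with the Referer comparison gone any `$method` other than 'POST' passes. If only read-only requests are meant to be exempt, narrow it to `} elseif ($method == 'GET') { return true; }` so other verbs fall through to `return false`. Whether state-changing endpoints are reachable over non-POST methods is not visible here and should be confirmed against the callers. Separately, the API token check on the first context line uses loose `==`; `hash_equals($GLOBALS['organizrAPI'], $requesterToken)`, once `$requesterToken` is confirmed to be a string, gives a strict, constant-time comparison. The start of isApprovedRequest lies outside the hunk, so how `$requesterToken` is populated was not reviewed.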