|
@@ -378,25 +378,13 @@ function isApprovedRequest($method)
|
|
|
if (strlen($requesterToken) == 20 && $requesterToken == $GLOBALS['organizrAPI']) {
|
|
if (strlen($requesterToken) == 20 && $requesterToken == $GLOBALS['organizrAPI']) {
|
|
|
//DO API CHECK
|
|
//DO API CHECK
|
|
|
return true;
|
|
return true;
|
|
|
- } elseif (isset($_SERVER['HTTP_REFERER'])) {
|
|
|
|
|
- if (strpos($_SERVER['HTTP_REFERER'], '?') !== false) {
|
|
|
|
|
- $referer = explode('?', $_SERVER['HTTP_REFERER'])[0];
|
|
|
|
|
- } elseif (strpos($_SERVER['HTTP_REFERER'], '#') !== false) {
|
|
|
|
|
- $referer = explode('#', $_SERVER['HTTP_REFERER'])[0];
|
|
|
|
|
- } else {
|
|
|
|
|
- $referer = $_SERVER['HTTP_REFERER'];
|
|
|
|
|
- }
|
|
|
|
|
- if ($referer == getServerPath(false)) {
|
|
|
|
|
- if ($method == 'POST') {
|
|
|
|
|
- $formKey = (isset($_POST['data']['formKey'])) ? $_POST['data']['formKey'] : '';
|
|
|
|
|
- if (password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey)) {
|
|
|
|
|
- return true;
|
|
|
|
|
- }
|
|
|
|
|
- } else {
|
|
|
|
|
- return true;
|
|
|
|
|
- }
|
|
|
|
|
-
|
|
|
|
|
|
|
+ } elseif ($method == 'POST') {
|
|
|
|
|
+ $formKey = (isset($_POST['data']['formKey'])) ? $_POST['data']['formKey'] : '';
|
|
|
|
|
+ if (password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey)) {
|
|
|
|
|
+ return true;
|
|
|
}
|
|
}
|
|
|
|
|
+ } else {
|
|
|
|
|
+ return true;
|
|
|
}
|
|
}
|
|
|
return false;
|
|
return false;
|
|
|
}
|
|
}
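Review bot: The added `} else {` / `return true;` branch approves every request whose method is not `POST` with no token or form-key check, so once the Referer comparison is gone a `PUT`, `DELETE` or `PATCH` call passes isApprovedRequest() unconditionally. If any route reached with those methods changes state, it no longer gets the cross-site request protection that the form key gives `POST`. Failing closed is safer: change the branch to `} elseif ($method === 'GET') {` so that unlisted methods fall through to the existing `return false;`. In the `POST` branch, `$_POST['data']['formKey']` can arrive as an array, so guard the call with `is_string($formKey) && password_verify(...)`. The function starts outside this hunk, so how `$method` and `$requesterToken` are derived is not visible here and should be confirmed against the callers.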
|