author | sgiehl <stefangiehl@gmail.com> | 2012-11-07 23:32:22 +0400 |
---|---|---|
committer | sgiehl <stefangiehl@gmail.com> | 2012-11-07 23:32:22 +0400 |
commit | 6133517bdb31096d91444d48f6fceb791c7f60e3 (patch) | |
tree | 2f321ec9be0981487ae6f7bc765cb3d618d49a80 /plugins/Proxy | |
parent | 5dddd3b202c5f0b76820b30f09324f4e4fd3873c (diff) |
refs #3460 fixes XSS within proxy module; allow redirect only if user was referred from within current piwik instance
git-svn-id: http://dev.piwik.org/svn/trunk@7397 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Proxy')
-rw-r--r-- | plugins/Proxy/Controller.php | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/Proxy/Controller.php b/plugins/Proxy/Controller.php
index 953db0bfe8..c3b289cd95 100644
--- a/plugins/Proxy/Controller.php
+++ b/plugins/Proxy/Controller.php
@@ -128,7 +128,7 @@ class Piwik_Proxy_Controller extends Piwik_Controller
 // validate referrer
 $referrer = Piwik_Url::getReferer();
- if(!empty($referrer) && !Piwik_Url::isLocalUrl($referrer))
+ if(empty($referrer) || !Piwik_Url::isLocalUrl($referrer))
 {
 die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: '.$url);
 } |
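Review bot: The `die()` message on the rejection path still appends `$url` to an HTML response without escaping, so the page shown when the Referer check fails can itself reflect the parameter unless `$url` was already escaped where it is read, which is outside this hunk. Escaping at the point of output removes that dependency: `die('Invalid Referer detected - ... redirected to is: '.htmlspecialchars($url, ENT_QUOTES, 'UTF-8'));`. Separately, the new condition gates only on the Referer header, which says where the request came from rather than where it will redirect to, and it now rejects legitimate users whose browser or proxy strips that header; validating the destination's scheme and host against an allowlist before redirecting would be the sturdier control. The enclosing method begins and ends outside the hunk, so both points assume nothing later in it re-validates `$url`.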