
github.com/matomo-org/matomo.git - Unnamed repository; edit this file 'description' to name the repository.
authorsgiehl <stefangiehl@gmail.com>2012-11-07 23:32:22 +0400
committersgiehl <stefangiehl@gmail.com>2012-11-07 23:32:22 +0400
commit6133517bdb31096d91444d48f6fceb791c7f60e3 (patch)
tree2f321ec9be0981487ae6f7bc765cb3d618d49a80 /plugins/Proxy
parent5dddd3b202c5f0b76820b30f09324f4e4fd3873c (diff)
refs #3460 fixes XSS within proxy module; allow redirect only if user was referred from within current piwik instance
git-svn-id: http://dev.piwik.org/svn/trunk@7397 59fd770c-687e-43c8-a1e3-f5a4ff64c105
Diffstat (limited to 'plugins/Proxy')
-rw-r--r--plugins/Proxy/Controller.php2
1 files changed, 1 insertions, 1 deletions
diff --git a/plugins/Proxy/Controller.php b/plugins/Proxy/Controller.php
index 953db0bfe8..c3b289cd95 100644
--- a/plugins/Proxy/Controller.php
+++ b/plugins/Proxy/Controller.php
@@ -128,7 +128,7 @@ class Piwik_Proxy_Controller extends Piwik_Controller
// validate referrer
$referrer = Piwik_Url::getReferer();
- if(!empty($referrer) && !Piwik_Url::isLocalUrl($referrer))
+ if(empty($referrer) || !Piwik_Url::isLocalUrl($referrer))
{
die('Invalid Referer detected - check that your browser sends the Referer header. <br/>The link you would have been redirected to is: '.$url);
}
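Review bot: The rejection message on the `die(...)` line still concatenates `$url` into HTML output (note the `<br/>` in the same string), so the referrer check is the only barrier between a request-supplied value and the rendered page. If `$url` is not already HTML-escaped where it is read above this hunk, escape it at the point of output, e.g. `'...redirected to is: '.htmlspecialchars($url, ENT_QUOTES, 'UTF-8')`. The Referer header is supplied by the client and is absent under common privacy settings, so it works better as a secondary signal; the durable control is validating the redirect target itself (for example accepting only http/https schemes) before it is echoed or followed. The enclosing method starts and ends outside the hunk, so how `$url` is read and what happens after the check cannot be confirmed from here.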