From 49c72d1e38b6860719e988ca271fb756bbb5b443 Mon Sep 17 00:00:00 2001
From: Jamie Furness
Date: Fri, 22 Oct 2010 11:40:19 +0100
Subject: [PATCH] Updating the confirm_referrer function to ignore the URL scheme, port, etc. This allows http and https URLs to pass referer checks without problems.
---
 admin_options.php | 6 ++----
 include/functions.php | 21 ++++++++++++++++++---
 2 files changed, 20 insertions(+), 7 deletions(-)
diff --git a/admin_options.php b/admin_options.php
index 20d60ca47..731bb5fed 100644
--- a/admin_options.php
+++ b/admin_options.php
@@ -22,9 +22,7 @@ if (isset($_POST['form_sent']))
 {
- // Custom referrer check (so we can output a custom error message)
- if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/admin_options.php', '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''))))
- message($lang_admin_options['Bad HTTP Referer message']);
+ confirm_referrer('admin_options.php', $lang_admin_options['Bad HTTP Referer message']);
 $form = array(
 'board_title' => pun_trim($_POST['form']['board_title']),
@@ -98,7 +96,7 @@ $languages = forum_list_langs();
 if (!in_array($form['default_lang'], $languages))
 message($lang_common['Bad request']);
-
+
 $styles = forum_list_styles();
 if (!in_array($form['default_style'], $styles))
 message($lang_common['Bad request']);
diff --git a/include/functions.php b/include/functions.php
index c1cd3ff10..9304eb5ac 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1014,12 +1014,27 @@ function file_get_contents($filename, $use_include_path = 0)
 //
 // Make sure that HTTP_REFERER matches $pun_config['o_base_url']/$script
 //
-function confirm_referrer($script)
+function confirm_referrer($script, $error_msg = false)
 {
 global $pun_config, $lang_common;
- if (!preg_match('#^'.preg_quote(str_replace('www.', '', $pun_config['o_base_url']).'/'.$script, '#').'#i', str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? urldecode($_SERVER['HTTP_REFERER']) : ''))))
- message($lang_common['Bad referrer']);
+ // There is no referrer
+ if (empty($_SERVER['HTTP_REFERER']))
+ message($error_msg ? $error_msg : $lang_common['Bad referrer']);
+
+ $referrer = parse_url(strtolower($_SERVER['HTTP_REFERER']));
+ // Remove www subdomain if it exists
+ if (strpos($referrer['host'], 'www.') === 0)
+ $referrer['host'] = substr($referrer['host'], 4);
+
+ $valid = parse_url(strtolower($pun_config['o_base_url'].'/'.$script));
+ // Remove www subdomain if it exists
+ if (strpos($valid['host'], 'www.') === 0)
+ $valid['host'] = substr($valid['host'], 4);
+
+ // Check the host and path match. Ignore the scheme, port, etc.
+ if ($referrer['host'] != $valid['host'] || $referrer['path'] != $valid['path'])
+ message($error_msg ? $error_msg : $lang_common['Bad referrer']);
 }
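Review bot: `parse_url()` is applied to the client-supplied Referer header and can return `false`, or an array with no `host` or `path` element (a bare path or scheme-less value), after which `$referrer['host']` is read unguarded on the following `strpos` line; that only fails closed by accident, through a null comparison plus a PHP notice, and it also assumes `message()` never returns, which the hunk does not show. Guard explicitly right after the `parse_url` call: `if ($referrer === false || !isset($referrer['host'], $referrer['path']))` followed by `message($error_msg ? $error_msg : $lang_common['Bad referrer']);`. The final comparison should use `!==` rather than `!=` so the host and path strings are compared under strict rather than loose string rules. Since the port is now deliberately ignored, a page served by any other service on the same host name satisfies the check; that is the commit's intent, but it deserves a sentence in the header comment above the function, e.g. `// Scheme and port are intentionally ignored, so any service on the same host passes.`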