#940: Fix referrer confirmation for forums installed in subdirectories.

delete.php

@@ -51,11 +51,8 @@
 
 if (isset($_POST['delete']))
 {
-	if ($is_admmod)
-		confirm_referrer('delete.php');
-
 	// Make sure they got here from the site
-	confirm_referrer('');
+	confirm_referrer('delete.php');
 
 	require PUN_ROOT.'include/search_idx.php';
 

edit.php

@@ -56,11 +56,8 @@
 
 if (isset($_POST['form_sent']))
 {
-	if ($is_admmod)
-		confirm_referrer('edit.php');
-
 	// Make sure they got here from the site
-	confirm_referrer('');
+	confirm_referrer('edit.php');
 
 	// If it's a topic it must contain a subject
 	if ($can_edit_subject)

include/functions.php

@@ -1041,10 +1041,13 @@ function random_key($len, $readable = false, $hash = false)
 //
 // Make sure that HTTP_REFERER matches base_url/script
 //
-function confirm_referrer($script, $error_msg = false)
+function confirm_referrer($scripts, $error_msg = false)
 {
 	global $pun_config, $lang_common;
 
+	if (!is_array($script))
+		$scripts = array($scripts);
+
 	// There is no referrer
 	if (empty($_SERVER['HTTP_REFERER']))
 		message($error_msg ? $error_msg : $lang_common['Bad referrer']);
@@ -1054,14 +1057,21 @@ function confirm_referrer($script, $error_msg = false)
 	if (strpos($referrer['host'], 'www.') === 0)
 		$referrer['host'] = substr($referrer['host'], 4);
 
-	$valid = parse_url(strtolower(get_base_url().'/'.$script));
-	// Remove www subdomain if it exists
-	if (strpos($valid['host'], 'www.') === 0)
-		$valid['host'] = substr($valid['host'], 4);
+	$valid_paths = array();
+	foreach ($scripts as $script)
+	{
+		$valid = parse_url(strtolower(get_base_url().'/'.$script));
+		// Remove www subdomain if it exists
+		if (strpos($valid['host'], 'www.') === 0)
+			$valid['host'] = substr($valid['host'], 4);
+
+		$valid_host = $valid['host'];
+		$valid_paths[] = $valid['path'];
+	}
 
 	// Check the host and path match. Ignore the scheme, port, etc.
-	if ($referrer['host'] != $valid['host'] || ($referrer['path'] != $valid['path'] && $valid['path'] != '/'))
-		message($error_msg ? $error_msg : $lang_common['Bad referrer']);
+	if ($referrer['host'] != $valid_host || !in_array($referrer['path'], $valid_paths))
+		message($error_msg ? $error_msg : $lang_common['Bad referrer']);}
 }
 
 

misc.php

@@ -217,7 +217,7 @@
 	if (isset($_POST['form_sent']))
 	{
 		// Make sure they got here from the site
-		confirm_referrer('');
+		confirm_referrer('misc.php');
 
 		// Clean up reason from POST
 		$reason = pun_linebreaks(pun_trim($_POST['req_reason']));

post.php

@@ -64,7 +64,7 @@
 		$errors[] = sprintf($lang_post['Flood start'], $pun_user['g_post_flood'], $pun_user['g_post_flood'] - (time() - $pun_user['last_post']));
 
 	// Make sure they got here from the site
-	confirm_referrer('');
+	confirm_referrer(array('post.php', 'viewtopic.php'));
 
 	// If it's a new topic
 	if ($fid)

profile.php

@@ -81,11 +81,8 @@
 
 	if (isset($_POST['form_sent']))
 	{
-		if ($pun_user['is_admmod'])
-			confirm_referrer('profile.php');
-
 		// Make sure they got here from the site
-		confirm_referrer('');
+		confirm_referrer('profile.php');
 
 		$old_password = isset($_POST['req_old_password']) ? pun_trim($_POST['req_old_password']) : '';
 		$new_password1 = pun_trim($_POST['req_new_password1']);
@@ -200,7 +197,7 @@
 			message($lang_profile['Wrong pass']);
 
 		// Make sure they got here from the site
-		confirm_referrer('');
+		confirm_referrer('profile.php');
 
 		require PUN_ROOT.'include/email.php';
 
@@ -330,7 +327,7 @@
 			message($lang_profile['No file']);
 
 		// Make sure they got here from the site
-		confirm_referrer('');
+		confirm_referrer('profile.php');
 
 		$uploaded_file = $_FILES['req_file'];
 
@@ -709,11 +706,8 @@
 		$is_moderator))))																			// or the user is another mod
 		message($lang_common['No permission'], false, '403 Forbidden');
 
-	if ($pun_user['is_admmod'])
-		confirm_referrer('profile.php');
-
 	// Make sure they got here from the site
-	confirm_referrer('');
+	confirm_referrer('profile.php');
 
 	$username_updated = false;