SECURITY: Интерфейс администратора: перенаправление на страницу автор…

…изации при отсутствии HTTP-заголовка 'Referer' или его несовпадении с адресом магазина git-svn-id: http://subversion.assembla.com/svn/ocstoreru@367 44b37dae-b762-45cd-8c5e-82695f3631dd
rb2 · Apr 16, 2012 · 83122d4 · 83122d4
1 parent e4d2ade
commit 83122d4
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/branches/v0.2.x/admin/controller/common/home.php b/branches/v0.2.x/admin/controller/common/home.php
@@ -232,6 +232,11 @@ public function login() {
 			return $this->forward('common/login');
 		}
 
+		if (!isset($this->request->server['HTTP_REFERER']) or strncasecmp($this->request->server['HTTP_REFERER'], HTTP_SERVER, strlen(HTTP_SERVER))!==0
+			 or strncasecmp($this->request->server['HTTP_REFERER'], HTTPS_SERVER, strlen(HTTPS_SERVER))!==0) {
+			return $this->forward('common/login');
+		}
+
 		if (isset($this->request->get['route'])) {
 			$route = '';
 

diff --git a/branches/v0.2.x/admin/controller/common/login.php b/branches/v0.2.x/admin/controller/common/login.php
@@ -7,7 +7,9 @@ public function index() {
 
 		$this->document->title = $this->language->get('heading_title');
 
-		if ($this->user->isLogged() && isset($this->request->get['token']) && ($this->request->get['token'] == $this->session->data['token'])) {
+		if ($this->user->isLogged() && isset($this->request->get['token']) && ($this->request->get['token'] == $this->session->data['token'])
+			 && isset($this->request->server['HTTP_REFERER']) && (strncasecmp($this->request->server['HTTP_REFERER'], HTTP_SERVER, strlen(HTTP_SERVER))===0
+			 or strncasecmp($this->request->server['HTTP_REFERER'], HTTPS_SERVER, strlen(HTTPS_SERVER))===0)) {
 			$this->redirect(HTTPS_SERVER . 'index.php?route=common/home&token=' . $this->session->data['token']);
 		}