[Xerte-dev] Re: Access: Other
Pat Lockley (Pgogy)
info at pgogywebstuff.com
Fri Nov 6 16:05:47 GMT 2015
On 2015-11-06 10:40, Julian Tenney wrote:
> It seems there is a problem with access: other not restricting access
> to the specified domain. Can anyone else replicate this? Is it easy to
> fix?
The code makes no sense logic wise in that bit
https://github.com/thexerteproject/xerteonlinetoolkits/blob/develop/play.php
try changing
if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
to
if (strpos($_SERVER['HTTP_REFERER'], $test_string) !== FALSE) {
} else if (substr($row_play['access_to_whom'], 0, 5) == "Other") {
/*
* The Other attribute has been set - so break the string down to
obtain the host
*/
$test_string = substr($row_play['access_to_whom'], 6,
strlen($row_play['access_to_whom']));
_debug("'Other' security is active for '" . $test_string . "', the
current referrer is: '" . $_SERVER['HTTP_REFERER'] . "'");
/*
* Can only check against this variable, if I can't find it (say pop
ups) no choice but to fail
*/
if (strlen($_SERVER['HTTP_REFERER']) != 0) {
if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
db_query("UPDATE
{$xerte_toolkits_site->database_table_prefix}templatedetails SET
number_of_uses=number_of_uses+1 WHERE template_id=?",
array($safe_template_id));
show_template($row_play);
More information about the Xerte-dev
mailing list