[Xerte-dev] Re: Access: Other

Pat Lockley (Pgogy) info at pgogywebstuff.com
Fri Nov 6 16:33:21 GMT 2015


Guess so, put some echos in to test

On 2015-11-06 11:13, Julian Tenney wrote:
> Which bits need to change, just the
> 
> if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
> 
> to
> 
> if (strpos($_SERVER['HTTP_REFERER'], $test_string) !== FALSE) {
> 
> ???
> 
> 
> -----Original Message-----
> From: xerte-dev-bounces at lists.nottingham.ac.uk
> [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat
> Lockley (Pgogy)
> Sent: 06 November 2015 16:06
> To: For Xerte technical developers
> Subject: [Xerte-dev] Re: Access: Other
> 
> On 2015-11-06 10:40, Julian Tenney wrote:
>> It seems there is a problem with access: other not restricting access
>> to the specified domain. Can anyone else replicate this? Is it easy to
>> fix?
> 
> The code makes no sense logic wise in that bit
> 
> https://github.com/thexerteproject/xerteonlinetoolkits/blob/develop/play.php
> 
> try changing
> 
> if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
> 
> to
> 
> if (strpos($_SERVER['HTTP_REFERER'], $test_string) !== FALSE) {
> 
> } else if (substr($row_play['access_to_whom'], 0, 5) == "Other") {
>      /*
>       * The Other attribute has been set - so break the string down to obtain the host
>       */
>      $test_string = substr($row_play['access_to_whom'], 6, strlen($row_play['access_to_whom']));
>      _debug("'Other' security is active for '" . $test_string . "', the current referrer is: '" . $_SERVER['HTTP_REFERER'] . "'");
>      /*
>       * Can only check against this variable, if I can't find it (say pop ups) no choice but to fail
>       */
>      if (strlen($_SERVER['HTTP_REFERER']) != 0) {
>          if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
>              db_query("UPDATE {$xerte_toolkits_site->database_table_prefix}templatedetails SET number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id));
>              show_template($row_play);
> 
> _______________________________________________
> Xerte-dev mailing list
> Xerte-dev at lists.nottingham.ac.uk
> http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
> 

-- 
Pgogy Webstuff
pgogywebstuff.com
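
Added example, not part of the thread or of play.php: the comparison quoted from play.php, the one suggested in the thread, and a hypothetical stricter host-only check, run side by side over constructed referrer strings. The function names, the host `vle.example.ac.uk` and the sample referrers are assumptions made for illustration.

```php
<?php
// Added example (not from play.php). The host name and referrers are constructed.

// Check as quoted from play.php: strpos() returns an int offset or false,
// and both 0 and false satisfy the loose comparison `== 0`.
function check_original(string $referer, string $allowed): bool
{
    return strpos($referer, $allowed) == 0;
}

// Check suggested in the thread: true when $allowed occurs anywhere in the string.
function check_suggested(string $referer, string $allowed): bool
{
    return strpos($referer, $allowed) !== false;
}

// Hypothetical stricter variant: compare the parsed host component only.
function check_host(string $referer, string $allowed): bool
{
    $host = parse_url($referer, PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        return false; // unparseable or missing host: deny
    }
    $host = strtolower($host);
    $allowed = strtolower($allowed);
    $suffix = '.' . $allowed;
    // Accept the exact host or a subdomain of it.
    return $host === $allowed || substr($host, -strlen($suffix)) === $suffix;
}

$allowed = 'vle.example.ac.uk'; // constructed "Other" host
$referrers = [                  // constructed sample referrers
    'http://vle.example.ac.uk/course/view.php?id=1',
    'http://unrelated.example.org/page.html',
    'http://unrelated.example.org/?ref=vle.example.ac.uk',
];

printf("%-8s %-9s %-5s %s\n", 'original', 'suggested', 'host', 'referrer');
foreach ($referrers as $r) {
    printf(
        "%-8s %-9s %-5s %s\n",
        var_export(check_original($r, $allowed), true),
        var_export(check_suggested($r, $allowed), true),
        var_export(check_host($r, $allowed), true),
        $r
    );
}
```

The Referer header is supplied by the client, so each of these checks restricts where a template is linked from rather than authenticating who requests it.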


