[Xerte-dev] Re: Access: Other
Julian Tenney
Julian.Tenney at nottingham.ac.uk
Fri Nov 6 16:13:00 GMT 2015
Which bits need to change, just the
if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
to
if (strpos($_SERVER['HTTP_REFERER'], $test_string) !== FALSE) {
???
-----Original Message-----
From: xerte-dev-bounces at lists.nottingham.ac.uk [mailto:xerte-dev-bounces at lists.nottingham.ac.uk] On Behalf Of Pat Lockley (Pgogy)
Sent: 06 November 2015 16:06
To: For Xerte technical developers
Subject: [Xerte-dev] Re: Access: Other
On 2015-11-06 10:40, Julian Tenney wrote:
> It seems there is a problem with access: other not restricting access
> to the specified domain. Can anyone else replicate this? Is it easy to
> fix?
The code makes no sense logic wise in that bit
https://github.com/thexerteproject/xerteonlinetoolkits/blob/develop/play.php
try changing
if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
to
if (strpos($_SERVER['HTTP_REFERER'], $test_string) !== FALSE) {
} else if (substr($row_play['access_to_whom'], 0, 5) == "Other") {
/*
* The Other attribute has been set - so break the string down to obtain the host
*/
$test_string = substr($row_play['access_to_whom'], 6, strlen($row_play['access_to_whom']));
_debug("'Other' security is active for '" . $test_string . "', the current referrer is: '" . $_SERVER['HTTP_REFERER'] . "'");
/*
* Can only check against this variable, if I can't find it (say pop
ups) no choice but to fail
*/
if (strlen($_SERVER['HTTP_REFERER']) != 0) {
if (strpos($_SERVER['HTTP_REFERER'], $test_string) == 0) {
db_query("UPDATE
{$xerte_toolkits_site->database_table_prefix}templatedetails SET
number_of_uses=number_of_uses+1 WHERE template_id=?", array($safe_template_id));
show_template($row_play);
_______________________________________________
Xerte-dev mailing list
Xerte-dev at lists.nottingham.ac.uk
http://lists.nottingham.ac.uk/mailman/listinfo/xerte-dev
More information about the Xerte-dev
mailing list