Topic: http/https in trusted urls
Hello
I request to patch confirm_referrer function to check http/https protocols, not only www.domain.tld/domain.tld
for example:
function confirm_referrer($script)
{
global $pun_config, $lang_common;
$base_url = str_replace('www.', '', $pun_config['o_base_url']);
$referer = str_replace('www.', '', (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : ''));
$base_url = str_replace('https://', 'http://', $base_url);
$referer = str_replace('https://', 'http://', $referer);
if (!preg_match('#^'.preg_quote($base_url.'/'.$script, '#').'#i', $referer))
message($lang_common['Bad referrer']);
}