|
|
@@ -32,9 +32,10 @@
|
|
|
{
|
|
|
if (!empty($_SERVER['REQUEST_METHOD'])) {
|
|
|
if ($_SERVER['REQUEST_METHOD']==='POST') {
|
|
|
- $hostname = explode(':', $_SERVER['HTTP_HOST']);
|
|
|
- $port=$hostname[1];
|
|
|
- $hostname=$hostname[0];
|
|
|
+ list($hostname, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
|
|
|
+ if(empty($port)){
|
|
|
+ $port = 443;
|
|
|
+ }
|
|
|
if (isset($_SERVER['HTTP_ORIGIN'])) {
|
|
|
$origin_host = parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST);
|
|
|
if (strcmp($origin_host, gethostname()) === 0 && in_array($port, array('443',$_SERVER['SERVER_PORT']))) {
|
|
|
@@ -55,9 +56,10 @@
|
|
|
{
|
|
|
if (!empty($_SERVER['REQUEST_METHOD'])) {
|
|
|
if ($_SERVER['REQUEST_METHOD']==='GET') {
|
|
|
- $hostname = explode(':', $_SERVER['HTTP_HOST']);
|
|
|
- $port=$hostname[1];
|
|
|
- $hostname=$hostname[0];
|
|
|
+ list($hostname, $port) = explode(':', $_SERVER["HTTP_HOST"].":");
|
|
|
+ if(empty($port)){
|
|
|
+ $port = 443;
|
|
|
+ }
|
|
|
//list of possible entries route and these should never be blocked
|
|
|
if (in_array($_SERVER['DOCUMENT_URI'], array('/list/user/index.php', '/login/index.php','/list/web/index.php','/list/dns/index.php','/list/mail/index.php','/list/db/index.php','/list/cron/index.php','/list/backup/index.php','/reset/index.php'))) {
|
|
|
return true;
|
Jaap Marcus