
IPV6 compatible prevent CSRF (#3491)

* IPV6 compatible prevent CSRF

* IPV6 compatible prevent CSRF. Code style correction

* Fix formatting

---------

Co-authored-by: asmcc <root@test.hestiacp.com>
Co-authored-by: Jaap Marcus <9754650+jaapmarcus@users.noreply.github.com>
asmcc пре 2 година
родитељ
комит
d30f96c78c
1 измењених фајлова са 26 додато и 4 уклоњено
  1. 26 4
      web/inc/prevent_csrf.php

+ 26 - 4
web/inc/prevent_csrf.php

@@ -40,8 +40,19 @@ function prevent_post_csrf() {
 	if (!empty($_SERVER["REQUEST_METHOD"])) {
 		if ($_SERVER["REQUEST_METHOD"] === "POST") {
 			if (!empty($_SERVER["HTTP_HOST"])) {
-				[$hostname, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
-				if (empty($port)) {
+				$hostname = preg_replace(
+					"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+					"$1",
+					$_SERVER["HTTP_HOST"],
+				);
+				$port_is_defined = preg_match("/\[?[^]]*\]?:[0-9]{1,5}$/", $_SERVER["HTTP_HOST"]);
+				if ($port_is_defined) {
+					$port = preg_replace(
+						"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+						"$2",
+						$_SERVER["HTTP_HOST"],
+					);
+				} else {
 					$port = 443;
 				}
 			} else {
@@ -74,8 +85,19 @@ function prevent_get_csrf() {
 	if (!empty($_SERVER["REQUEST_METHOD"])) {
 		if ($_SERVER["REQUEST_METHOD"] === "GET") {
 			if (!empty($_SERVER["HTTP_HOST"])) {
-				[$hostname, $port] = explode(":", $_SERVER["HTTP_HOST"] . ":");
-				if (empty($port)) {
+				$hostname = preg_replace(
+					"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+					"$1",
+					$_SERVER["HTTP_HOST"],
+				);
+				$port_is_defined = preg_match("/\[?[^]]*\]?:[0-9]{1,5}$/", $_SERVER["HTTP_HOST"]);
+				if ($port_is_defined) {
+					$port = preg_replace(
+						"/(\[?[^]]*\]?):([0-9]{1,5})$/",
+						"$2",
+						$_SERVER["HTTP_HOST"],
+					);
+				} else {
 					$port = 443;
 				}
 			} else {
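Review bot: The host/port split in prevent_post_csrf (lines 32–43) runs the same pattern three times on the same input, and the pattern is anchored only at the end, so one `preg_match` with capture groups, anchored with `^` and the `D` modifier (without `D`, `$` also matches before a trailing newline), expresses the split once and yields both parts. The identical block is repeated in prevent_get_csrf (the second hunk); a shared private helper returning `[$hostname, $port]` would keep the two CSRF checks from drifting apart. Note that `$port` is a string when taken from the header and the int `443` otherwise, as before this change, so whatever compares it further down should tolerate both — that comparison is outside the hunk, and both enclosing functions start and end outside their hunks.
```php
			if (!empty($_SERVER["HTTP_HOST"])) {
				// One anchored match yields both parts; "[^]]*" keeps a bracketed IPv6 literal intact.
				if (preg_match('/^(\[?[^]]*\]?):([0-9]{1,5})$/D', $_SERVER["HTTP_HOST"], $host_parts)) {
					$hostname = $host_parts[1];
					$port = $host_parts[2];
				} else {
					$hostname = $_SERVER["HTTP_HOST"];
					$port = 443;
				}
				// … unchanged: remainder of prevent_post_csrf …
```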