2010-04-07, 19:03:34
Chris has already fixed this in the latest SVN.
Just tested and working fine.
If cannot get the latest SVN version and want to fix this now change lines 21-29 in changedata.php to the following.
Rgds,
Mike.
Just tested and working fine.
If cannot get the latest SVN version and want to fix this now change lines 21-29 in changedata.php to the following.
Code:
// check form referrer - needs siteurl and edit.php in it.
if (isset($_SERVER['HTTP_REFERER'])) {
if ( !(strpos(str_replace('http://www.', '', $SITEURL), $_SERVER['HTTP_REFERER']) === false) || !(strpos("edit.php", $_SERVER['HTTP_REFERER']) === false)) ){
echo "<b>Invalid Referer</b><br />-------<br />";
echo 'Invalid Referer: ' . $_SERVER['HTTP_REFERER'];
die;
}
}
Rgds,
Mike.