From 621b83df72cdafd41e033c250a000a05b5a2eb97 Mon Sep 17 00:00:00 2001
From: Bart Visscher <bartv@thisnet.nl>
Date: Tue, 3 Jul 2012 17:53:09 +0200
Subject: [PATCH] Remove referer check, this is unreliable. The header doesnt
 need te exist, or can be wrong

---
 lib/base.php | 15 ---------------
 1 file changed, 15 deletions(-)

diff --git a/lib/base.php b/lib/base.php
index c2b0bbef78..fe69ad70c0 100644
--- a/lib/base.php
+++ b/lib/base.php
@@ -330,21 +330,6 @@ class OC{
 
 		self::checkInstalled();
 		self::checkSSL();
-
-		// CSRF protection
-		if(isset($_SERVER['HTTP_REFERER'])) $referer=$_SERVER['HTTP_REFERER']; else $referer='';
-		$refererhost=parse_url($referer);
-		if(isset($refererhost['host'])) $refererhost=$refererhost['host']; else $refererhost='';
-		$server=OC_Helper::serverHost();
-		$serverhost=explode(':',$server);
-		$serverhost=$serverhost['0'];
-		if(!self::$CLI){
-			if(($_SERVER['REQUEST_METHOD']=='POST') and ($refererhost<>$serverhost)) {
-				$url = OC_Helper::serverProtocol().'://'.$server.OC::$WEBROOT.'/index.php';
-				header("Location: $url");
-				exit();
-			}
-		}
 		self::initSession();
 		self::initTemplateEngine();
 		self::checkUpgrade();
-- 
GitLab