Example #1
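 /**
  * Initialises authentication, then refuses any POST request whose Referer
  * is not accepted by is_referer_from_same_domain().
  *
  * On refusal the current access is revoked and a 403 error is raised that
  * echoes the offending Referer value back for diagnosis.
  *
  * NOTE(review): the Referer test is the only cross-site request forgery
  * check visible in this method. How is_referer_from_same_domain() treats a
  * missing or stripped Referer is not visible here; confirm that behaviour,
  * and prefer a per-session token check if the framework offers one.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks: drop access before reporting,
         // so the rejected request cannot proceed with the session's rights.
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         // The Referer header is client-controlled and is reflected into the
         // error output. Escape both quote styles with an explicit charset so
         // the result does not depend on the PHP version's defaults or on the
         // HTML context the error view uses (not visible from this method).
         $escaped_referer = htmlspecialchars($http_referer, ENT_QUOTES, 'UTF-8');
         Minz_Error::error(403, array('error' => array(_t('access_denied'), ' [HTTP_REFERER=' . $escaped_referer . ']')));
     }
 }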
Example #2
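 /**
  * Initialises authentication, then refuses any POST request whose Referer
  * is not accepted by is_referer_from_same_domain().
  *
  * On refusal the current access is revoked, translations are initialised
  * with English as the fallback language, and a 403 error is raised that
  * echoes the offending Referer value back for diagnosis.
  *
  * NOTE(review): the Referer test is the only cross-site request forgery
  * check visible in this method. How is_referer_from_same_domain() treats a
  * missing or stripped Referer is not visible here; confirm that behaviour,
  * and prefer a per-session token check if the framework offers one.
  */
 private function initAuth()
 {
     FreshRSS_Auth::init();
     if (Minz_Request::isPost() && !is_referer_from_same_domain()) {
         // Basic protection against XSRF attacks: drop access before reporting,
         // so the rejected request cannot proceed with the session's rights.
         FreshRSS_Auth::removeAccess();
         $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER'];
         // _t() is called just below, so the translator is initialised first.
         Minz_Translate::init('en');
         //TODO: Better choice of fallback language
         // The Referer header is client-controlled and is reflected into the
         // error output. Escape both quote styles with an explicit charset so
         // the result does not depend on the PHP version's defaults or on the
         // HTML context the error view uses (not visible from this method).
         $escaped_referer = htmlspecialchars($http_referer, ENT_QUOTES, 'UTF-8');
         Minz_Error::error(403, array('error' => array(_t('feedback.access.denied'), ' [HTTP_REFERER=' . $escaped_referer . ']')));
     }
 }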
Example #3
/**
 * Runs the first-step installation checks and reports each one as 'ok' or 'ko'.
 *
 * The returned array has one entry per prerequisite (PHP version, Minz
 * library directory, required extensions, writable data directories, and the
 * same-domain Referer test) plus an 'all' entry. 'all' is 'ok' only when
 * every prerequisite passes; the two PDO drivers count through the combined
 * 'pdo' entry, so having either driver is enough.
 *
 * @return array map of check name to 'ok' or 'ko'
 */
function checkStep1()
{
    // Raw boolean outcome of each check, in the order the report lists them.
    $passed = array();
    $passed['php'] = version_compare(PHP_VERSION, '5.2.1') >= 0;
    $passed['minz'] = file_exists(join_path(LIB_PATH, 'Minz'));
    $passed['curl'] = extension_loaded('curl');
    $passed['pdo-mysql'] = extension_loaded('pdo_mysql');
    $passed['pdo-sqlite'] = extension_loaded('pdo_sqlite');
    $passed['pdo'] = $passed['pdo-mysql'] || $passed['pdo-sqlite'];
    $passed['pcre'] = extension_loaded('pcre');
    $passed['ctype'] = extension_loaded('ctype');
    $passed['dom'] = class_exists('DOMDocument');
    // A path constant must be non-empty as well as writable.
    $passed['data'] = DATA_PATH && is_writable(DATA_PATH);
    $passed['cache'] = CACHE_PATH && is_writable(CACHE_PATH);
    $passed['users'] = USERS_PATH && is_writable(USERS_PATH);
    $passed['favicons'] = is_writable(join_path(DATA_PATH, 'favicons'));
    $passed['persona'] = is_writable(join_path(DATA_PATH, 'persona'));
    // NOTE(review): presumably confirms that the Referer test relied on
    // elsewhere works in this environment; verify against the caller.
    $passed['http_referer'] = is_referer_from_same_domain();

    $report = array();
    $everything = true;
    foreach ($passed as $name => $is_ok) {
        $report[$name] = $is_ok ? 'ok' : 'ko';
        // Individual PDO drivers are optional; only the combined 'pdo' entry
        // contributes to the overall verdict.
        if ($name === 'pdo-mysql' || $name === 'pdo-sqlite') {
            continue;
        }
        if (!$is_ok) {
            $everything = false;
        }
    }
    $report['all'] = $everything ? 'ok' : 'ko';

    return $report;
}