diff options
| author | Erik Fonnesbeck <efonnes@gmail.com> | 2010-11-17 07:43:57 -0700 |
|---|---|---|
| committer | Erik Fonnesbeck <efonnes@gmail.com> | 2010-11-17 08:35:30 -0700 |
| commit | a219c6432582650f4942cfb3b5c9c94e14551af5 (patch) | |
| tree | 61224db4c7a4c605efa087d6551573f2e5aae685 | |
| parent | fd7f136b2665a1fda1df5329d24617413cf78847 (diff) | |
| download | pfsense-a219c6432582650f4942cfb3b5c9c94e14551af5.zip pfsense-a219c6432582650f4942cfb3b5c9c94e14551af5.tar.gz | |
Add workaround for referrer check to not be triggered on the previous IP address when redirected by the setup wizard.
| -rw-r--r-- | etc/inc/auth.inc | 29 | ||||
| -rwxr-xr-x | usr/local/www/wizard.php | 4 |
2 files changed, 23 insertions, 10 deletions
diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index b966af3..3fd989b 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -93,7 +93,16 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' $hostname_me = $config['system']['hostname'] . "." . $config['system']['domain']; if(stristr($_SERVER['HTTP_REFERER'], $hostname_me)) $found_host = true; - if(!empty($config['system']['webgui']['althostnames'])) { + if(file_exists("{$g['tmp_path']}/setupwizard_lastreferrer") && !$found_host) { + if($_SERVER['HTTP_REFERER'] == file_get_contents("{$g['tmp_path']}/setupwizard_lastreferrer")) { + unlink("{$g['tmp_path']}/setupwizard_lastreferrer"); + header("Refresh: 1; url=index.php"); + echo "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\"\n \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">"; + echo "<html><head><title>" . gettext("Redirecting...") . "</title></head><body>" . gettext("Redirecting to the dashboard...") . "</body></html>"; + exit; + } + } + if(!empty($config['system']['webgui']['althostnames']) && !$found_host) { $althosts = explode(" ", $config['system']['webgui']['althostnames']); foreach ($althosts as $ah) { if(empty($ah)) @@ -104,14 +113,16 @@ if(function_exists("display_error_form") && !isset($config['system']['webgui'][' } } } - $interface_list_ips = get_configured_ip_addresses(); - foreach($interface_list_ips as $ilips) { - if(empty($ilips)) - continue; - $hostname_me_ip = $config['webgui']['protocol'] . "://" . $ilips; - if(stristr($_SERVER['HTTP_REFERER'],$hostname_me_ip)) { - $found_host = true; - break; + if(!$found_host) { + $interface_list_ips = get_configured_ip_addresses(); + foreach($interface_list_ips as $ilips) { + if(empty($ilips)) + continue; + $hostname_me_ip = $config['webgui']['protocol'] . "://" . $ilips; + if(stristr($_SERVER['HTTP_REFERER'],$hostname_me_ip)) { + $found_host = true; + break; + } } } if($found_host == false) { diff --git a/usr/local/www/wizard.php b/usr/local/www/wizard.php index 0c93977..cc9ce72 100755 --- a/usr/local/www/wizard.php +++ b/usr/local/www/wizard.php @@ -894,7 +894,7 @@ if($pkg['step'][$stepid]['javascriptafterformdisplay'] <> "") { */ function fixup_string($string) { - global $config, $myurl, $title; + global $config, $g, $myurl, $title; $newstring = $string; // fixup #1: $myurl -> http[s]://ip_address:port/ switch($config['system']['webgui']['protocol']) { @@ -926,6 +926,8 @@ function fixup_string($string) { else if ($urlhost == get_interface_ip() && is_ipaddr($config['interfaces']['wan']['ipaddr'])) $urlhost = $config['interfaces']['wan']['ipaddr']; } + if($urlhost != $_SERVER['HTTP_HOST']) + file_put_contents("{$g['tmp_path']}/setupwizard_lastreferrer", $proto . "://" . $_SERVER['HTTP_HOST'] . $urlport . $_SERVER['REQUEST_URI']); $myurl = $proto . "://" . $urlhost . $urlport . "/"; if (strstr($newstring, "\$myurl")) |
