1
I had the HTTP_REFERER problem too, and it was driving me up the wall. I finally tracked down a fix here:
https://xoops.org/modules/smartfaq/faq.php?faqid=310
The fix at that URL is for pre-2.2.x versions. So here's the hack for 2.2.x versions:
Open the file class/xoopssecurity.php
On line 167 or so you'll find the following code:
Change
to
and you're in business.
I have no idea how this affects the overall security of your site, so make this hack at YOUR OWN RISK! The poster at https://xoops.org/modules/smartfaq/faq.php?faqid=310 seems to think it's okay, but you should probably take steps to find out for yourself . . .
https://xoops.org/modules/smartfaq/faq.php?faqid=310
The fix at that URL is for pre-2.2.x versions. So here's the hack for 2.2.x versions:
Open the file class/xoopssecurity.php
On line 167 or so you'll find the following code:
/**
* Check the user agent's HTTP REFERER against XOOPS_URL
*
* @param int $docheck 0 to not check the referer
(used with XML-RPC), 1 to actively check it
*
* @return bool
**/
function checkReferer($docheck=1)
{
if ($docheck == 0) {
return true;
}
$ref = xoops_getenv('HTTP_REFERER');
if ($ref == '') {
return false;
}
$pref = parse_url($ref);
if ( $pref['host'] != $_SERVER['HTTP_HOST'] ) {
return false;
}
return true;
} Change
$ref = xoops_getenv('HTTP_REFERER');
if ($ref == '') {
return false; to
$ref = xoops_getenv('HTTP_REFERER');
if ($ref == '') {
return true; and you're in business.
I have no idea how this affects the overall security of your site, so make this hack at YOUR OWN RISK! The poster at https://xoops.org/modules/smartfaq/faq.php?faqid=310 seems to think it's okay, but you should probably take steps to find out for yourself . . .
