How do you disable the check for referrer information?
If you have users on your own site who cannot post in forums or add other information to the site due to their firewall or some other software that is blocking the referrer information, then you may want to turn off the referrer check in the XOOPS code.
For more info about the referrer information problem, check out this question:
https://xoops.org/modules/smartfaq/faq.php?faqid=9
[There is a comment with detailed instructions for fixing the problem from the firewall end, but that requires all your users with the problem to successfully follow those steps, which chances are they will not all do, hence the need to be able to turn off the check in your XOOPS site.]
To turn off the referrer check, add a line to the function xoops_refcheck() in include/functions.php file, around line 137:
This information applies to XOOPS 2.0.7, and possibly earlier and later versions too. (Hopefully a system configuration option will be added in the future to turn this off without a hack).
Thanks to Mithrandir for this information, found in his post in the following thread:
https://xoops.org/modules/newbb/viewtopic.php?topic_id=25989
For more info about the referrer information problem, check out this question:
https://xoops.org/modules/smartfaq/faq.php?faqid=9
[There is a comment with detailed instructions for fixing the problem from the firewall end, but that requires all your users with the problem to successfully follow those steps, which chances are they will not all do, hence the need to be able to turn off the check in your XOOPS site.]
To turn off the referrer check, add a line to the function xoops_refcheck() in include/functions.php file, around line 137:
function xoops_refcheck($docheck=1)
{
[color=ff0000]return true;#*#DISABLE_REFERER_CHECK#[/color]
$ref = xoops_getenv('HTTP_REFERER');
if ($docheck == 0) {
return true;
}
if ($ref == '') {
return false;
}
if (strpos($ref, XOOPS_URL) !== 0 ) {
return false;
}
return true;
}
This information applies to XOOPS 2.0.7, and possibly earlier and later versions too. (Hopefully a system configuration option will be added in the future to turn this off without a hack).
Thanks to Mithrandir for this information, found in his post in the following thread:
https://xoops.org/modules/newbb/viewtopic.php?topic_id=25989
|
|
Re: this FAQ is too dangerous, isn't this?Login
Search
Who's Online
Donat-O-Meter
| Stats | |
| Goal: | $100.00 |
| Due Date: | May 31 |
| Gross Amount: | $0.00 |
| Net Balance: | $0.00 |
| Left to go: | $100.00 |
 |
|
Did you know ?
your site contents is categorised into modules that present different display formats?
Random question
Recent Q&A List
- How to minimize Spam...
- Is there any chance to connect...
- How to download files from XOOPS...
- I'm making a module/theme...
- How to properly configure your...
- How can i verify all of my files...
- I would like to know if...
- Can someone point me to the...
- Sense of XOOPS_TRUST_PATH
- I using the theme phpkaox, but...
The ticket system is not yet implemented in most modules, so the HTTP REFERER check is still very much in use.
In 2.0.10, the referer check is moved to /class/xoopssecurity.php in the checkReferer() method. The code is the same as in the function in the previous versions.