SMF Support > SMF 2.0.x Support

How Can I Disable Referrer Check On Attachments!

(1/2) > >>

fma965:
How Can I Disable Referrer Check On Attachments!

As the big title above says. i need to disable the refferer check on attachments so that i can use this code


--- Code: ---<script>
var adfly_id = xxxxxxxxx;
var adfly_advert = "int";
var domains = ["?action=dlattach",];
</script>
<script src="http://adf.ly/js/link-converter.js"></script>

--- End code ---

this will add ADFLY to my attachments.

I read this below.


--- Quote from: Oldiesmann on January 19, 2012, 02:02:26 AM ---You will need to manually edit the code to do that.

To avoid potential security issues, the best option is just to not do a referrer check if the referrer is set with the "file:///" bit in it.

Sources/Security.php

Find

--- Code: --- $referrer = isset($_SERVER['HTTP_REFERER']) ? @parse_url($_SERVER['HTTP_REFERER']) : array();
--- End code ---

Replace

--- Code: --- if (isset($_SERVER['HTTP_REFERER']))
{
$referrer = strpos($_SERVER['HTTP_REFERER'], 'file:///') === false ? @parse_url($_SERVER['HTTP_REFERER']) : array();
}
--- End code ---

That should make it ignore referrers with "file:///" in them without causing any security issues.

--- End quote ---

but i changed the file:/// to http:adf.ly/ but it didnt work. thanks

MrPhil:
In @Oldiemann's change, you still make sure HTTP_REFERER is available, but you only parse it if it doesn't start with file:/// (indicating that it comes from a local file and not from a site). You want to not parse it if it's coming in from adf.ly? I assume that "http:adf.ly/" is a typo and you actually have "http://adf.ly/".

fma965:

--- Quote from: MrPhil on July 04, 2012, 10:58:45 AM ---In @Oldiemann's change, you still make sure HTTP_REFERER is available, but you only parse it if it doesn't start with file:/// (indicating that it comes from a local file and not from a site). You want to not parse it if it's coming in from adf.ly? I assume that "http:adf.ly/" is a typo and you actually have "http://adf.ly/".

--- End quote ---

yep  :)  (i want to allow the refferer to be adf.ly and i made a typo )

EDIT: i could just modify the attachments file and add http://adf.ly/xxxxxxx/ to the beginning of the attachments. but which file is that?

fma965:
BUMP!! why does no one ever help me on this forum? MyBB support is defintely better but it doesnt have some of the features SMF does :(

EDIT: dont worry i am moving back to MyBB the support for SMF is so non-existent and i even got insulted by 1 guy in another thread so. thanks.

MrPhil:
Good bye and good riddance. We're all volunteers here donating our time. You won't be missed.

Navigation

[0] Message Index

[#] Next page

Go to full version