check_referrer not working


check_referrer not working

by Fernando Gozalo

Hello:

I'm testing new check_referrer functionality. It doesn't work for me. I
think the problem is that

1. the global var $check_referrer is modified inside is_logged_in()
function, and
2. is_logged_in() is called twice in webmail.php: one in the included
validate.php and another one in webmail.php itself.

I attach a patch that addresses 1.

And I think the call to is_logged_in() inside webmail.php must be
removed because is_logged_in() is already called in the included
validate.php.

Regards,
Fernando.

--- functions/auth.original.php 2009-10-12 13:09:46.088235997 +0200
+++ functions/auth.php 2009-10-12 13:34:37.235967000 +0200
@@ -62,15 +62,15 @@ function is_logged_in() {
     global $check_referrer, $domain;
     if ($check_referrer == '###DOMAIN###') $check_referrer = $domain;
     if (!empty($check_referrer)) {
-        $ssl_check_referrer = 'https://' . $check_referrer;
-        $check_referrer = 'http://' . $check_referrer;
+        $ssl_chk_ref = 'https://' . $check_referrer;
+        $chk_ref = 'http://' . $check_referrer;
     }
     if (!sqgetGlobalVar('HTTP_REFERER', $referrer, SQ_SERVER)) $referrer = '';
     if (sqsession_is_registered('user_is_logged_in')
      && (!$check_referrer || empty($referrer)
       || ($check_referrer && !empty($referrer)
-       && (strpos(strtolower($referrer), strtolower($check_referrer)) === 0
-        || strpos(strtolower($referrer), strtolower($ssl_check_referrer)) === 0)))) {
+       && (strpos(strtolower($referrer), strtolower($chk_ref)) === 0
+        || strpos(strtolower($referrer), strtolower($ssl_chk_ref)) === 0)))) {
         return;
     } else {
 
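Review bot: the comparison on the two new strpos(...) === 0 lines is a bare prefix match against 'http://' . $check_referrer with no boundary after the host name, so a Referer whose host only begins with the configured domain still satisfies it; consider extracting the host with parse_url() and comparing it for equality (case-insensitively) instead. Separately, after the rename $chk_ref and $ssl_chk_ref are assigned only inside the !empty($check_referrer) branch and are read safely only because !$check_referrer short-circuits first; initialising both to '' before that if would make this explicit. The '###DOMAIN###' line above still assigns to the global $check_referrer, which is harmless on a repeated call but deserves a comment.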

-----
squirrelmail-devel mailing list
Posting guidelines: http://squirrelmail.org/postingguidelines
List address: squirrelmail-devel@...
List archives: http://news.gmane.org/gmane.mail.squirrelmail.devel
List info (subscribe/unsubscribe/change options): https://lists.sourceforge.net/lists/listinfo/squirrelmail-devel

Re: check_referrer not working

by Paul Lesniewski

On Mon, Oct 12, 2009 at 12:13 PM, Fernando Gozalo <fgozalo@...> wrote:

> Hello:
>
> I'm testing new check_referrer functionality. It doesn't work for me. I
> think the problem is that
>
> 1. the global var $check_referrer is modified inside is_logged_in() function,
> and
> 2. is_logged_in() is called twice in webmail.php: one in the included
> validate.php and another one in webmail.php itself.
>
> I attach a patch that addresses 1.
>
> And I think the call to is_logged_in() inside webmail.php must be removed
> because is_logged_in() is already called in the included validate.php.

Thank you for your testing.  I believe the main problem is the second
one.  I have fixed this in CVS, thanks to you.  This makes the changes
in number one above unnecessary, but I think they are also a good
suggestion, so I'll probably add them.

Cheers,

Paul

--
Paul Lesniewski
SquirrelMail Team
Please support Open Source Software by donating to SquirrelMail!
http://squirrelmail.org/donate_paul_lesniewski.php
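
Added example (not part of the original messages and not SquirrelMail's own code): a simplified PHP model of the two points discussed in this thread, showing why a second call to the check fails once the first call has rewritten the global, and how local variables avoid that. The function names, the example.org domain and the sample Referer value are constructed for illustration.

```php
<?php
// Simplified model of the referrer check discussed above (constructed;
// the real is_logged_in() also checks the session and handles failure).

// Variant that overwrites the global setting, as in the pre-patch lines.
function referrer_ok_mutating($referrer) {
    global $check_referrer;
    if (!empty($check_referrer)) {
        $ssl_check_referrer = 'https://' . $check_referrer;
        $check_referrer = 'http://' . $check_referrer; // global is now changed
    }
    return !$check_referrer || empty($referrer)
        || strpos(strtolower($referrer), strtolower($check_referrer)) === 0
        || strpos(strtolower($referrer), strtolower($ssl_check_referrer)) === 0;
}

// Variant that keeps the derived prefixes in locals, as the patch proposes.
function referrer_ok_local($referrer) {
    global $check_referrer;
    $chk_ref = $ssl_chk_ref = '';
    if (!empty($check_referrer)) {
        $ssl_chk_ref = 'https://' . $check_referrer;
        $chk_ref = 'http://' . $check_referrer;
    }
    return !$check_referrer || empty($referrer)
        || strpos(strtolower($referrer), strtolower($chk_ref)) === 0
        || strpos(strtolower($referrer), strtolower($ssl_chk_ref)) === 0;
}

// Run one variant twice, as happens when validate.php and webmail.php
// both call the check in the same request.
function run_twice($fn, $referrer) {
    global $check_referrer;
    $check_referrer = 'example.org';          // constructed config value
    $first  = $fn($referrer);
    $second = $fn($referrer);
    return array('first' => $first, 'second' => $second,
                 'setting_after' => $check_referrer);
}

$referrer = 'http://example.org/src/login.php'; // constructed sample Referer

echo "mutating global:\n";
var_dump(run_twice('referrer_ok_mutating', $referrer));
echo "local variables:\n";
var_dump(run_twice('referrer_ok_local', $referrer));
```

Comparing setting_after between the two runs shows whether the configured value survived the first call, which is what decides the result of the second.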
