fixed secure forms handling when POST url contained GET parameters (cookieless mode...

diff --git a/lib/weblib.php b/lib/weblib.php
index 11bef1a194d9fa8698161a077df8281e83c4ce83..16231e780f2aebc90462288848f94acdff245c97 100644 (file)
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -284,6 +284,11 @@ function match_referer($goodreferer = '') {
 
     if (empty($goodreferer)) {
         $goodreferer = qualified_me();
+        // try to remove everything after ? because POST url may contain GET parameters (SID rewrite, etc.)
+           $pos = strpos($goodreferer, '?');
+        if ($pos !== FALSE) {
+            $goodreferer = substr($goodreferer, 0, $pos);
+        }
     }
 
     $referer = get_referer();