From: skodak <skodak>
Date: Sun, 14 May 2006 21:21:35 +0000 (+0000)
Subject: fixed secure forms handling when POST url contained GET parameters (cookieless mode... 
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=70ed990ed29e49f6dc52512c32ad50efd28e57bc;p=moodle.git

fixed secure forms handling when POST url contained GET parameters (cookieless mode and some other forms); merged from MOODLE_16_STABLE
---

diff --git a/lib/weblib.php b/lib/weblib.php
index 11bef1a194..16231e780f 100644
--- a/lib/weblib.php
+++ b/lib/weblib.php
@@ -284,6 +284,11 @@ function match_referer($goodreferer = '') {
 
     if (empty($goodreferer)) {
         $goodreferer = qualified_me();
+        // try to remove everything after ? because POST url may contain GET parameters (SID rewrite, etc.)
+	    $pos = strpos($goodreferer, '?');
+        if ($pos !== FALSE) {
+            $goodreferer = substr($goodreferer, 0, $pos);
+        }
     }
 
     $referer = get_referer();