Another referer fix for pwreset

author Stefan Wold <redacted>

Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)

committer Stefan Wold <redacted>

Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)
author Stefan Wold <redacted>
Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)
committer Stefan Wold <redacted>
Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)
diff --git a/docs/gnuworld/forms/pwreset.php b/docs/gnuworld/forms/pwreset.php

index 9959346a7cddd21b5a2adb2cd27079f739074094..48366194eebc506c0975e2cbb797621d43c76195 100755 (executable)
--- a/docs/gnuworld/forms/pwreset.php
+++ b/docs/gnuworld/forms/pwreset.php
@@ -122,7 +122,7 @@ if ($ro1->post_forms!="" && $ro1->post_forms>0) {
  $tref = gen_server_url() . LIVE_LOCATION . "/forgotten_pass.php";
  $tref2 = gen_server_url() . $_SERVER['REQUEST_URI'];
  
-if ($_SERVER['HTTP_REFERER'] != $tref) {
+if ($_SERVER['HTTP_REFERER'] != $tref && $_SERVER['HTTP_REFERER'] != $tref2) {
         echo "<h2>\n";
  
         echo "You can only access this form after at least you tried the 'forgotten password' option.<br>\n";
author	Stefan Wold <redacted>
	Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)
committer	Stefan Wold <redacted>
	Mon, 25 Jan 2021 09:40:49 +0000 (09:40 +0000)