Bug #23770
closed
TYPO3 core does not ignore case when comparing host part of http referrer
0%
Description
All versions of TYPO3 I looked at (4.2.x, 4.3.x, 4.4.x) do NOT ignore case when comparing the host part of the http referrer to the http host.
While the http host ist lowercase, the host part of the http referrer is supplied by the browser and thus may contain mixed case.
Example:
http host: mydomain.com
referrer: http://MyDomain.com/some/page/
host part of referrer: MyDomain.com
This leads to several checks in the typo3 core failing, because they compare referrer host part to http host by simple == instead of case insensitive compare by strcasecmp or similar.
The places that need patching, can mostly be found by grepping the source for doNotCheckReferer ($TYPO3_CONF_VARS['SYS']['doNotCheckReferer']).
I'm willing to supply a patch for this, which should be trivial.
(issue imported from #M16036)
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by 
Updated by