HTTP_HOST mangling causes Login to fail for some users
| Reported by: | vipsoft | Owned by: | vipsoft |
| Priority: | major | Milestone: | 1.5 - Piwik 1.5 |
Description (last modified by vipsoft)
In some environments, a fixup is applied to HTTP_HOST such that it doesn't match the host in SCRIPT_URI. Example:
- open browser to http://example.com/piwik
- $_SERVER['HTTP_HOST'] contains 'www.example.com'
- $_SERVER['REQUEST_URI'] contains 'http://example.com/piwik'
This causes isLocalUrl() and, ultimately, the Nonce verification on the Referer to fail.
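
The mismatch described above, reproduced as an added example (not Piwik's code and not the fix applied for this ticket): a Referer check that compares strictly against HTTP_HOST, beside one that compares against an operator-configured list of host names. The function names, the `$trusted` list and the Referer path are assumptions made for illustration.

```php
<?php
// Added illustration; every function name here is hypothetical, not Piwik's API.

/** Lower-cased host of an absolute URL, or null if the URL has no host. */
function hostOfUrl(string $url): ?string
{
    $host = parse_url($url, PHP_URL_HOST);
    return is_string($host) ? strtolower($host) : null;
}

/** Host header value, lower-cased, without a trailing :port. */
function hostFromHeader(string $httpHost): string
{
    // IPv6 literals are out of scope for this sketch.
    return strtolower((string) preg_replace('/:\d+$/', '', $httpHost));
}

/** Strict check: the Referer host must equal HTTP_HOST as PHP sees it. */
function isLocalUrlStrict(string $referer, array $server): bool
{
    $refHost = hostOfUrl($referer);
    return $refHost !== null
        && $refHost === hostFromHeader($server['HTTP_HOST'] ?? '');
}

/** Allowlist check: the Referer host must exactly match a configured name. */
function isLocalUrlAllowlisted(string $referer, array $trustedHosts): bool
{
    $refHost = hostOfUrl($referer);
    return $refHost !== null
        && in_array($refHost, array_map('strtolower', $trustedHosts), true);
}

// Constructed request matching the ticket's example: the browser was opened
// at example.com, but the environment rewrote HTTP_HOST to www.example.com.
$server  = ['HTTP_HOST' => 'www.example.com'];
$referer = 'http://example.com/piwik/index.php?module=Login'; // constructed
$trusted = ['example.com', 'www.example.com'];                // assumed config

// The ticket's case: same site, but the two host strings differ.
var_dump(isLocalUrlStrict($referer, $server));
// The same Referer checked against the configured names.
var_dump(isLocalUrlAllowlisted($referer, $trusted));
// A look-alike host: exact matching, not prefix or suffix matching.
var_dump(isLocalUrlAllowlisted('http://example.com.other.test/', $trusted));
```

The allowlist uses exact string equality on the parsed host, so accepting both spellings of the site's name does not widen the check to arbitrary hosts that merely contain it.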
Change History (8)
comment:1 Changed 3 years ago by vipsoft (robocoder)
- Summary changed from HTTP_HOST mangling causes Login to fails for some users to HTTP_HOST mangling causes Login to fail for some users
comment:3 Changed 3 years ago by vipsoft (robocoder)
- Resolution set to fixed
- Status changed from new to closed