[geeklog-devel] Plugin upgrade failure (was: More automation)
Dirk Haun
dirk at haun-online.de
Sat May 21 18:02:11 EDT 2011
Rouslan Placella wrote:
> Perhaps I'm missing something, but the 'header("Location: $url");' call
> does send a referer. It's the referer that it itself received, it merely
> copies it over.
I hadn't considered this, I have to admit. Unfortunately it doesn't help us, since it's the wrong URL ...
With the Location header (as with the meta refresh) we specify the URL we want the browser to go to. So that's the .../plugins.php?mode=continue_upgrade... URL. But when the CSRF token is generated, it uses the then-current URL and that's .../plugins.php, without any further parameters. So the two URLs (the one in the token and the one in the referrer) don't match.
HTTP can be messy sometimes :P
> Could this work or am I just embarrassing myself further on the list?
No worries, I obviously hadn't thought this through entirely myself. Thanks for being insistent :)
bye, Dirk
More information about the geeklog-devel
mailing list