*sigh* looks like this stupid referer check was the actual reason why the

preview functionality was broken for doc comments in the admin interface
ever since we switched to https. I think best would be to remove it but
given the fact that the website code is soon going to be rewritten anyway
just hack around the issue.

git-svn-id: file:///Users/dpage/pgweb/svn-repo/trunk@2627 8f5c7a92-453e-0410-a47f-ad33c8a6b003

diff --git a/portal/system/page/docs.php b/portal/system/page/docs.php
index 7bf95bd57575b9ba750dfd70e002f36a8e6c87ca..1740401bdaa675587369e9a129fef629d193c409 100644 (file)
--- a/portal/system/page/docs.php
+++ b/portal/system/page/docs.php
@@ -50,7 +50,7 @@ class Page_Docs extends PgPage {
             // Preview is only allowed when called from /admin interface.
             // Just to prevent stupidities, we know referer check isn't
             // actually secure, but it's good enough.
-            if (getenv('HTTP_REFERER') !=
+            if ( preg_replace("/^https/","http",$_SERVER['HTTP_REFERER']) !=
                 $_SETTINGS['masterserver'] . '/admin/comments.php')
                 throw new Exception('Invalid referer');
             $this->preview=1;