@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
...
@@ -96,8 +100,8 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
}
}
}
}
if($found_host==false){
if($found_host==false){
if(!security_checks_disabled()){
if(!security_checks_disabled()){
display_error_form("501",sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />'));
display_error_form("501",sprintf(gettext("A potential %sDNS Rebind attack%s has been detected.%sTry to access the router by IP address instead of by hostname."),'<a href="http://en.wikipedia.org/wiki/DNS_rebinding">','</a>','<br />'));
exit;
exit;
}
}
...
@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
...
@@ -106,10 +110,10 @@ if (function_exists("display_error_form") && !isset($config['system']['webgui'][
}
}
// If the HTTP_REFERER is something other than ourselves then disallow.
// If the HTTP_REFERER is something other than ourselves then disallow.
// allow SSH port forwarded connections and links from localhost
// allow SSH port forwarded connections and links from localhost
$found_host=true;
$found_host=true;
}
}
}
}
}
}
if($found_host==false){
if($found_host==false){
if(!security_checks_disabled()){
if(!security_checks_disabled()){
display_error_form("501","An HTTP_REFERER was detected other than what is defined in System -> Advanced (".htmlspecialchars($_SERVER['HTTP_REFERER'])."). You can disable this check if needed in System -> Advanced -> Admin.");
display_error_form("501","An HTTP_REFERER was detected other than what is defined in System -> Advanced (".htmlspecialchars($_SERVER['HTTP_REFERER'])."). You can disable this check if needed in System -> Advanced -> Admin.");