ADDING ADDITIONAL SPECIFIC REFERRERS TO ELIMINATE EXTERNAL SOURCE SECURITY WARNINGS - Jul 9th, 2020


I wanted to add a 'modify this record' link on a search results page that's only available to admins so that they can
update information with fewer clicks.

Here's the link I inserted:

<?php if (@$CURRENT_USER['isAdmin']): ?>
<a href="cmsAdmin/admin.php?menu=books&action=edit&num=<?php echo $record['num'] ?>"><span class="text_font" style="text-decoration:underline">Modify This Entry</span></a>
<?php endif ?>


The problem was that the link kept throwing 'Security Warning: A link from an external source has been detected and
automatically disabled' errors.

With a bit of help from Greg Thomas, a senior programmer at Interactive Tools, here's the solution we came up with.

In lib/common.php, search for 'Security Warning: A link from an external source' (line 2613 in CMSB Version 3.50) and
replace this code:

$programBaseUrl = _security_getProgramBaseRefererUrl();
$isInternalReferer = startsWith($programBaseUrl, $_SERVER['HTTP_REFERER']);
if (!$isInternalReferer) {
$format = "Security Warning: A link from an external source has been detected and automatically disabled.\n";

With this:

$programBaseUrl = _security_getProgramBaseRefererUrl();
$yourVar1 = 'https://your_site.com/search.php';   // an authorized referring page
$yourVar2 = 'https://your_site.com/m/search.php'; // an authorized referring page
$isInternalReferer = ( startsWith($programBaseUrl, $_SERVER['HTTP_REFERER'])
                    || startsWith($yourVar1, $_SERVER['HTTP_REFERER'])
                    || startsWith($yourVar2, $_SERVER['HTTP_REFERER']) );
if (!$isInternalReferer) {
$format = "Security Warning: A link from an external source has been detected and automatically disabled.\n";
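
Added example (not from the original post or from CMS Builder): the replacement above accepts any Referer that begins with a listed value, so an entry shortened to the bare host would also accept lookalike hosts, and a missing header is not handled. The hypothetical helper refererIsAuthorized() below parses the Referer and compares scheme, host, port and path exactly; the page URLs are the post's own placeholders and the sample Referer values are constructed.

```php
<?php
// Added example: hypothetical helper, not part of CMS Builder's lib/common.php.
// Parses the Referer and compares it to each authorized page exactly,
// instead of testing whether the raw string starts with a listed value.
function refererIsAuthorized(?string $referer, array $allowedPages): bool
{
    if ($referer === null || $referer === '') {
        return false; // header absent: treat as unauthorized
    }
    $ref = parse_url($referer);
    if ($ref === false || !isset($ref['scheme'], $ref['host'])) {
        return false; // malformed Referer
    }
    foreach ($allowedPages as $page) {
        $ok = parse_url($page);
        if ($ok === false || !isset($ok['scheme'], $ok['host'])) {
            continue; // skip malformed list entries
        }
        $sameOrigin = strcasecmp($ref['scheme'], $ok['scheme']) === 0
            && strcasecmp($ref['host'], $ok['host']) === 0
            && ($ref['port'] ?? null) === ($ok['port'] ?? null);
        // The path must match exactly; the query string is ignored.
        if ($sameOrigin && ($ref['path'] ?? '/') === ($ok['path'] ?? '/')) {
            return true;
        }
    }
    return false;
}

// The post's placeholder pages (assumed values, replace with your own).
$allowedPages = [
    'https://your_site.com/search.php',
    'https://your_site.com/m/search.php',
];

// Constructed sample Referer values.
$samples = [
    'https://your_site.com/search.php?q=tolkien',   // search page with a query string
    'https://your_site.com/m/search.php',           // mobile search page
    'https://your_site.com/search.php.bak',         // different path sharing the listed prefix
    'https://your_site.com.example.net/search.php', // lookalike host
    '',                                             // no Referer header sent
];
foreach ($samples as $s) {
    $verdict = refererIsAuthorized($s, $allowedPages) ? 'allowed' : 'blocked';
    printf("%-46s %s\n", $s === '' ? '(no Referer)' : $s, $verdict);
}
```

In a request handler the first argument would be `$_SERVER['HTTP_REFERER'] ?? null`, since browsers and privacy settings can omit the header entirely.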

IMPORTANT: When I attempted this change using Dreamweaver, it broke the CMSB admin page formatting (even when I undid
the changes, the formatting issue remained).

CMSB user Steve99 suggested that Dreamweaver's editor has corrupted pages for him in the past, and suggested trying the
edit with the Notepad++ or Sublime Text editors on a fresh, original copy of the file.



The materials on this web site have been created for use with CMS Builder content management software. CMS Builder software is published and licensed for use by InteractiveTools.com. Please contact Interactive Tools for information on the downloading of the software or the purchasing of licenses.
