LnBlog 2.3.2 - No Need for Ports

A new patch release is up.  You can get it from the download page.

This one fixes a small but significant bug, reported by atomGit via Github.  There was an issue with the CSRF protection code where it did not properly account for URLs with a port in them.  So if you tried to run LnBlog with a PHP test server on a non-standard port, the initial setup page would return a 400 Bad Request error.  Sadly, there was nothing particularly subtle or interesting about this bug - it's just something I didn't account for.  The CSRF code was blissfully unaware that a URL or hostname could contain a port.  This led to trying to compare an HTTP_HOST header with a port in it, e.g. localhost:8081 to a call to parse_url($_SERVER['HTTP_ORIGIN'], PHP_URL_HOST), which explicitly discards the port.

While I was at it, I also updated the defaults for the userdata path when the LnBlog directory is the server's document root.  This is because the normal default is to have userdata and LnBlog in the same directory, but right now LnBlog assumes that the userdata directory will be web-accessible.  So in that case, the default is now to put userdata inside of LnBlog, like in the "good ol' days".

You can reply to this entry by leaving a comment below. This entry accepts Pingbacks from other blogs. You can follow comments on this entry by subscribing to the RSS feed.

Add your comments #

A comment body is required. No HTML code allowed. URLs starting with http:// or ftp:// will be automatically converted to hyperlinks.