From 49fe71ef556b3cb4fc2d21336189c949fa4878a3 Mon Sep 17 00:00:00 2001
From: Bas S
Date: Fri, 8 Nov 2019 09:52:22 +0100
Subject: [PATCH] Potential Fix for issue #87
---
 data/inc/functions.admin.php | 20 +++++++++++++++++---
 1 file changed, 17 insertions(+), 3 deletions(-)
diff --git a/data/inc/functions.admin.php b/data/inc/functions.admin.php
index b1e2ddb3..a47047cf 100755
--- a/data/inc/functions.admin.php
+++ b/data/inc/functions.admin.php
@@ -651,8 +651,22 @@ function check_update_version($version) {
 */
 function requestedByTheSameDomain() {
- $myDomain = $_SERVER['SCRIPT_URI'];
- $requestsSource = $_SERVER['HTTP_REFERER'];
+ if(isset($_SERVER['SCRIPT_URI'])){
+ $myDomain = $_SERVER['SCRIPT_URI'];
+ } elseif(isset($_SERVER['SCRIPT_URI'])){
+ $myDomain = $_SERVER['SCRIPT_URI'];
+ } else {
+ $myDomain = $null;
+ }
+ if(isset($_SERVER['HTTP_REFERER'])){
+ $requestsSource = $_SERVER['HTTP_REFERER'];
+ } else {
+ $requestsSource = $null;
+ }
- return parse_url($myDomain, PHP_URL_HOST) === parse_url($requestsSource, PHP_URL_HOST);
+ if ($mydomain != $null and $requestsSource != $null ){
+ return parse_url($myDomain, PHP_URL_HOST) === parse_url($requestsSource, PHP_URL_HOST);
+ } else {
+ show_error("Be carefull with clicking links, they might compromise your website. Your installation is not secured with measures to protect it.", 1);
+ }
 }
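Review bot: The final test reads `$mydomain` and `$null`, neither of which is ever assigned (PHP variable names are case-sensitive, and the literal is `null`, not `$null`), so `$mydomain != $null` compares two undefined values and is always false; the function therefore takes the `show_error` branch on every call and never returns true. The `elseif` repeats the `SCRIPT_URI` test of the `if` above it and can never run; presumably a different server key was meant as the fallback. The else branch also returns nothing, so callers get an implicit null there rather than an explicit `false`. The rewrite below still fails closed when either value is missing and additionally rejects the case where both URLs parse to no host. A Referer comparison is a weak origin check on its own; a per-session token compared with `hash_equals()` would be the sturdier control.

```php
function requestedByTheSameDomain()
{
    $myDomain = isset($_SERVER['SCRIPT_URI']) ? $_SERVER['SCRIPT_URI'] : null;
    $requestsSource = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;

    if ($myDomain === null || $requestsSource === null) {
        // … unchanged: show_error() call …
        return false; // fail closed: the origin cannot be verified
    }

    $myHost = parse_url($myDomain, PHP_URL_HOST);
    // parse_url() gives null or false when there is no host; two such results must not count as a match.
    return is_string($myHost) && $myHost === parse_url($requestsSource, PHP_URL_HOST);
}
```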