Strict Referer domain against XSRF

https://github.com/marienfressinaud/FreshRSS/issues/554

app/FreshRSS.php

@@ -6,8 +6,8 @@ class FreshRSS extends Minz_FrontController {
 		}
 		$loginOk = $this->accessControl(Minz_Session::param('currentUser', ''));
 		$this->loadParamsView();
-		if (Minz_Request::isPost() && !empty($_SERVER['HTTP_REFERER']) &&
-			Minz_Request::getDomainName() !== parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST)) {
+		if (Minz_Request::isPost() && (empty($_SERVER['HTTP_REFERER']) ||
+			Minz_Request::getDomainName() !== parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST))) {
 			$loginOk = false;	//Basic protection against XSRF attacks
 			Minz_Error::error(
 				403,