Project

General

Profile

« Previous | Next » 

Revision 1617

Added by darkviper over 12 years ago

fixed function SanitizeHttpReferer() in consideration of subdirectories

View differences:

branches/2.8.x/CHANGELOG
11 11 
! = Update/Change
12 12 
===============================================================================
13 13 

  		




  
  14
  
    
22 Feb-2012 Build 1617 Werner v.d.Decken(DarkViper)


  		




  
  15
  
    
# fixed function SanitizeHttpReferer() in consideration of subdirectories


  		




  14
  16
  
    
18 Feb-2012 Build 1616 Dietmar Woellbrink (Luisehahne)


  		




  15
  17
  
    
! update INSTALL and UPGRADE instruction to 2.8.3 (Tks to Ruebenwurzel)


  		




  16
  18
  
    
18 Feb-2012 Build 1615 Dietmar Woellbrink (Luisehahne)


  		












  

    
      branches/2.8.x/wb/admin/interface/version.php
    
  





  51
  51
  
    

  		




  52
  52
  
    
// check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled)


  		




  53
  53
  
    
if(!defined('VERSION')) define('VERSION', '2.8.3');


  		




  54
  
  
    
if(!defined('REVISION')) define('REVISION', '1616');


  		




  
  54
  
    
if(!defined('REVISION')) define('REVISION', '1617');


  		




  55
  55
  
    
if(!defined('SP')) define('SP', '');


  		












  

    
      branches/2.8.x/wb/framework/initialize.php
    
  





  21
  21
  
    
require_once(dirname(__FILE__).'/globalExceptionHandler.php');


  		




  22
  22
  
    
if(!defined('WB_PATH')) { throw new IllegalFileException(); }


  		




  23
  23
  
    
/* -------------------------------------------------------- */


  		




  24
  
  
    
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);


  		




  
  24
  
    
/**


  		




  
  25
  
    
 * sanitize $_SERVER['HTTP_REFERER']


  		




  
  26
  
    
 * @param string $sWbUrl qualified startup URL of current application


  		




  
  27
  
    
 */


  		




  
  28
  
    
	function SanitizeHttpReferer($sWbUrl = WB_URL) {


  		




  
  29
  
    
		$sTmpReferer = '';


  		




  
  30
  
    
		if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {


  		




  
  31
  
    
			$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);


  		




  
  32
  
    
			if ($aRefUrl !== false) {


  		




  
  33
  
    
				$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';


  		




  
  34
  
    
				$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';


  		




  
  35
  
    
				$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';


  		




  
  36
  
    
				$aWbUrl = parse_url(WB_URL);


  		




  
  37
  
    
				if ($aWbUrl !== false) {


  		




  
  38
  
    
					$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';


  		




  
  39
  
    
					$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';


  		




  
  40
  
    
					if (strpos($aRefUrl['host'].$aRefUrl['path'],


  		




  
  41
  
    
							   $aWbUrl['host'].$aWbUrl['path']) !== false) {


  		




  
  42
  
    
						$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);


  		




  
  43
  
    
						$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];


  		




  
  44
  
    
					}


  		




  
  45
  
    
					unset($aWbUrl);


  		




  
  46
  
    
				}


  		




  
  47
  
    
				unset($aRefUrl);


  		




  
  48
  
    
			}


  		




  
  49
  
    
		}


  		




  
  50
  
    
		$_SERVER['HTTP_REFERER'] = $sTmpReferer;


  		




  
  51
  
    
	}


  		




  25
  52
  
    

  		




  
  53
  
    

  		




  26
  54
  
    
if (file_exists(WB_PATH.'/framework/class.database.php')) {


  		




  27
  
  
    
	$sTmpReferer = '';


  		




  28
  
  
    
	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {


  		




  29
  
  
    
	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);


  		




  30
  
  
    
       if ($tmp0 !== false) {


  		




  31
  
  
    
                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';


  		




  32
  
  
    
                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';


  		




  33
  
  
    
                $tmp0['fragment'] = isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '';


  		




  34
  
  
    
                $tmp1 = parse_url(WB_URL);


  		




  35
  
  
    
                if ($tmp1 !== false) {


  		




  36
  
  
    
                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';


  		




  37
  
  
    
                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';


  		




  38
  
  
    
                        if (strpos($tmp0['host'].$tmp0['path'], $tmp1['host'].$tmp1['path']) !== false) {


  		




  39
  
  
    
                                $sTmpReferer = WB_URL.$tmp0['path'].$tmp0['fragment'];


  		




  40
  
  
    
                        }


  		




  41
  
  
    
                }


  		




  42
  
  
    
        }


  		




  43
  
  
    
	}


  		




  44
  
  
    
	$_SERVER['HTTP_REFERER'] = $sTmpReferer;


  		




  
  55
  
    
	// sanitize $_SERVER['HTTP_REFERER']


  		




  
  56
  
    
	SanitizeHttpReferer(WB_URL);


  		




  45
  57
  
    
	date_default_timezone_set('UTC');


  		




  46
  58
  
    
	require_once(WB_PATH.'/framework/class.database.php');


  		




  47
  59
  
    

  		












Also available in:  Unified diff