21 |
21 |
require_once(dirname(__FILE__).'/globalExceptionHandler.php');
|
22 |
22 |
if(!defined('WB_PATH')) { throw new IllegalFileException(); }
|
23 |
23 |
/* -------------------------------------------------------- */
|
24 |
|
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
|
|
24 |
/**
|
|
25 |
* sanitize $_SERVER['HTTP_REFERER']
|
|
26 |
* @param string $sWbUrl qualified startup URL of current application
|
|
27 |
*/
|
|
28 |
function SanitizeHttpReferer($sWbUrl = WB_URL) {
|
|
29 |
$sTmpReferer = '';
|
|
30 |
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
|
|
31 |
$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);
|
|
32 |
if ($aRefUrl !== false) {
|
|
33 |
$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';
|
|
34 |
$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';
|
|
35 |
$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';
|
|
36 |
$aWbUrl = parse_url(WB_URL);
|
|
37 |
if ($aWbUrl !== false) {
|
|
38 |
$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
|
|
39 |
$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
|
|
40 |
if (strpos($aRefUrl['host'].$aRefUrl['path'],
|
|
41 |
$aWbUrl['host'].$aWbUrl['path']) !== false) {
|
|
42 |
$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);
|
|
43 |
$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];
|
|
44 |
}
|
|
45 |
unset($aWbUrl);
|
|
46 |
}
|
|
47 |
unset($aRefUrl);
|
|
48 |
}
|
|
49 |
}
|
|
50 |
$_SERVER['HTTP_REFERER'] = $sTmpReferer;
|
|
51 |
}
|
25 |
52 |
|
|
53 |
|
26 |
54 |
if (file_exists(WB_PATH.'/framework/class.database.php')) {
|
27 |
|
$sTmpReferer = '';
|
28 |
|
if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
|
29 |
|
$tmp0 = parse_url($_SERVER['HTTP_REFERER']);
|
30 |
|
if ($tmp0 !== false) {
|
31 |
|
$tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
|
32 |
|
$tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
|
33 |
|
$tmp0['fragment'] = isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '';
|
34 |
|
$tmp1 = parse_url(WB_URL);
|
35 |
|
if ($tmp1 !== false) {
|
36 |
|
$tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
|
37 |
|
$tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
|
38 |
|
if (strpos($tmp0['host'].$tmp0['path'], $tmp1['host'].$tmp1['path']) !== false) {
|
39 |
|
$sTmpReferer = WB_URL.$tmp0['path'].$tmp0['fragment'];
|
40 |
|
}
|
41 |
|
}
|
42 |
|
}
|
43 |
|
}
|
44 |
|
$_SERVER['HTTP_REFERER'] = $sTmpReferer;
|
|
55 |
// sanitize $_SERVER['HTTP_REFERER']
|
|
56 |
SanitizeHttpReferer(WB_URL);
|
45 |
57 |
date_default_timezone_set('UTC');
|
46 |
58 |
require_once(WB_PATH.'/framework/class.database.php');
|
47 |
59 |
|
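Review bot: The `$sWbUrl` parameter declared in `function SanitizeHttpReferer($sWbUrl = WB_URL)` is never read; the body uses the `WB_URL` constant directly in `$aWbUrl = parse_url(WB_URL);` and `$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];`, so the call `SanitizeHttpReferer(WB_URL)` at the bottom passes an argument that cannot change anything. The origin test `strpos($aRefUrl['host'].$aRefUrl['path'], $aWbUrl['host'].$aWbUrl['path']) !== false` accepts the installation's host/path appearing anywhere inside the referer's host/path rather than only at its start, which is looser than a same-origin check needs to be; comparing with `=== 0` anchors it (if host variants such as a `www.` prefix are meant to pass, that should be an explicit host comparison instead). The new `preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path'])` interpolates the installation path into the pattern without `preg_quote($aWbUrl['path'], '#')`, so any PCRE metacharacter in the path alters the match; the stripped prefix should also be the same anchored string that was just compared. Together these are four changed lines, sketched below.
```php
function SanitizeHttpReferer($sWbUrl = WB_URL) {
    // … unchanged: referer parsing and host/path/fragment defaults …
            $aWbUrl = parse_url($sWbUrl);
            if ($aWbUrl !== false) {
                // … unchanged: host/path defaults …
                // anchor the comparison at the start of the referer's host.path
                if (strpos($aRefUrl['host'].$aRefUrl['path'],
                           $aWbUrl['host'].$aWbUrl['path']) === 0) {
                    $aRefUrl['path'] = preg_replace('#^'.preg_quote($aWbUrl['path'], '#').'#i', '', $aRefUrl['path']);
                    $sTmpReferer = $sWbUrl.$aRefUrl['path'].$aRefUrl['fragment'];
                }
    // … unchanged: unset() cleanup and $_SERVER['HTTP_REFERER'] assignment …
```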
fixed function SanitizeHttpReferer() to take subdirectories into account