
Revision 1617

Added by darkviper over 12 years ago

fixed function SanitizeHttpReferer() to take subdirectories into account


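--- a/initialize.php
+++ b/initialize.php
@@ -21,27 +21,39 @@
 require_once(dirname(__FILE__).'/globalExceptionHandler.php');
 if(!defined('WB_PATH')) { throw new IllegalFileException(); }
 /* -------------------------------------------------------- */
-//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
+/**
+ * sanitize $_SERVER['HTTP_REFERER']
+ * @param string $sWbUrl qualified startup URL of current application
+ */
+	function SanitizeHttpReferer($sWbUrl = WB_URL) {
+		$sTmpReferer = '';
+		if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
+			$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);
+			if ($aRefUrl !== false) {
+				$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';
+				$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';
+				$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';
+				$aWbUrl = parse_url(WB_URL);
+				if ($aWbUrl !== false) {
+					$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
+					$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
+					if (strpos($aRefUrl['host'].$aRefUrl['path'],
+							   $aWbUrl['host'].$aWbUrl['path']) !== false) {
+						$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);
+						$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];
+					}
+					unset($aWbUrl);
+				}
+				unset($aRefUrl);
+			}
+		}
+		$_SERVER['HTTP_REFERER'] = $sTmpReferer;
+	}
 
+
 if (file_exists(WB_PATH.'/framework/class.database.php')) {
-	$sTmpReferer = '';
-	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
-	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);
-       if ($tmp0 !== false) {
-                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
-                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
-                $tmp0['fragment'] = isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '';
-                $tmp1 = parse_url(WB_URL);
-                if ($tmp1 !== false) {
-                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
-                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
-                        if (strpos($tmp0['host'].$tmp0['path'], $tmp1['host'].$tmp1['path']) !== false) {
-                                $sTmpReferer = WB_URL.$tmp0['path'].$tmp0['fragment'];
-                        }
-                }
-        }
-	}
-	$_SERVER['HTTP_REFERER'] = $sTmpReferer;
+	// sanitize $_SERVER['HTTP_REFERER']
+	SanitizeHttpReferer(WB_URL);
 	date_default_timezone_set('UTC');
 	require_once(WB_PATH.'/framework/class.database.php');
 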
  
