Project

General

Profile

« Previous | Next » 

Revision 1617

Added by darkviper over 13 years ago

fixed function SanitizeHttpReferer() in consideration of subdirectories

View differences:

initialize.php
21 21 
require_once(dirname(__FILE__).'/globalExceptionHandler.php');
22 22 
if(!defined('WB_PATH')) { throw new IllegalFileException(); }
23 23 
/* -------------------------------------------------------- */
24 
//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
24 
/**
25 
 * sanitize $_SERVER['HTTP_REFERER']
26 
 * @param string $sWbUrl qualified startup URL of current application
27 
 */
28 
	function SanitizeHttpReferer($sWbUrl = WB_URL) {
29 
		$sTmpReferer = '';
30 
		if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
31 
			$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);
32 
			if ($aRefUrl !== false) {
33 
				$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';
34 
				$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';
35 
				$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';
36 
				$aWbUrl = parse_url(WB_URL);
37 
				if ($aWbUrl !== false) {
38 
					$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
39 
					$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
40 
					if (strpos($aRefUrl['host'].$aRefUrl['path'],
41 
							   $aWbUrl['host'].$aWbUrl['path']) !== false) {
42 
						$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);
43 
						$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];
44 
					}
45 
					unset($aWbUrl);
46 
				}
47 
				unset($aRefUrl);
48 
			}
49 
		}
50 
		$_SERVER['HTTP_REFERER'] = $sTmpReferer;
51 
	}
25 52 

  		




  
  53
  
    

  		




  26
  54
  
    
if (file_exists(WB_PATH.'/framework/class.database.php')) {


  		




  27
  
  
    
	$sTmpReferer = '';


  		




  28
  
  
    
	if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {


  		




  29
  
  
    
	        $tmp0 = parse_url($_SERVER['HTTP_REFERER']);


  		




  30
  
  
    
       if ($tmp0 !== false) {


  		




  31
  
  
    
                $tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';


  		




  32
  
  
    
                $tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';


  		




  33
  
  
    
                $tmp0['fragment'] = isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '';


  		




  34
  
  
    
                $tmp1 = parse_url(WB_URL);


  		




  35
  
  
    
                if ($tmp1 !== false) {


  		




  36
  
  
    
                        $tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';


  		




  37
  
  
    
                        $tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';


  		




  38
  
  
    
                        if (strpos($tmp0['host'].$tmp0['path'], $tmp1['host'].$tmp1['path']) !== false) {


  		




  39
  
  
    
                                $sTmpReferer = WB_URL.$tmp0['path'].$tmp0['fragment'];


  		




  40
  
  
    
                        }


  		




  41
  
  
    
                }


  		




  42
  
  
    
        }


  		




  43
  
  
    
	}


  		




  44
  
  
    
	$_SERVER['HTTP_REFERER'] = $sTmpReferer;


  		




  
  55
  
    
	// sanitize $_SERVER['HTTP_REFERER']


  		




  
  56
  
    
	SanitizeHttpReferer(WB_URL);


  		




  45
  57
  
    
	date_default_timezone_set('UTC');


  		




  46
  58
  
    
	require_once(WB_PATH.'/framework/class.database.php');


  		




  47
  59
  
    

  		












Also available in:  Unified diff