Revision 1617
Added by darkviper over 12 years ago
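--- a/initialize.php
+++ b/initialize.php
@@ -21,27 +21,39 @@
 require_once(dirname(__FILE__).'/globalExceptionHandler.php');
 if(!defined('WB_PATH')) { throw new IllegalFileException(); }
 /* -------------------------------------------------------- */
-//set_include_path(get_include_path() . PATH_SEPARATOR . WB_PATH);
+/**
+ * sanitize $_SERVER['HTTP_REFERER']
+ * @param string $sWbUrl qualified startup URL of current application
+ */
+function SanitizeHttpReferer($sWbUrl = WB_URL) {
+$sTmpReferer = '';
+if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
+$aRefUrl = parse_url($_SERVER['HTTP_REFERER']);
+if ($aRefUrl !== false) {
+$aRefUrl['host'] = isset($aRefUrl['host']) ? $aRefUrl['host'] : '';
+$aRefUrl['path'] = isset($aRefUrl['path']) ? $aRefUrl['path'] : '';
+$aRefUrl['fragment'] = isset($aRefUrl['fragment']) ? '#'.$aRefUrl['fragment'] : '';
+$aWbUrl = parse_url(WB_URL);
+if ($aWbUrl !== false) {
+$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
+$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
+if (strpos($aRefUrl['host'].$aRefUrl['path'],
+$aWbUrl['host'].$aWbUrl['path']) !== false) {
+$aRefUrl['path'] = preg_replace('#^'.$aWbUrl['path'].'#i', '', $aRefUrl['path']);
+$sTmpReferer = WB_URL.$aRefUrl['path'].$aRefUrl['fragment'];
+}
+unset($aWbUrl);
+}
+unset($aRefUrl);
+}
+}
+$_SERVER['HTTP_REFERER'] = $sTmpReferer;
+}
 
+
 if (file_exists(WB_PATH.'/framework/class.database.php')) {
-$sTmpReferer = '';
-if (isset($_SERVER['HTTP_REFERER']) && $_SERVER['HTTP_REFERER'] != '') {
-$tmp0 = parse_url($_SERVER['HTTP_REFERER']);
-if ($tmp0 !== false) {
-$tmp0['host'] = isset($tmp0['host']) ? $tmp0['host'] : '';
-$tmp0['path'] = isset($tmp0['path']) ? $tmp0['path'] : '';
-$tmp0['fragment'] = isset($tmp0['fragment']) ? '#'.$tmp0['fragment'] : '';
-$tmp1 = parse_url(WB_URL);
-if ($tmp1 !== false) {
-$tmp1['host'] = isset($tmp1['host']) ? $tmp1['host'] : '';
-$tmp1['path'] = isset($tmp1['path']) ? $tmp1['path'] : '';
-if (strpos($tmp0['host'].$tmp0['path'], $tmp1['host'].$tmp1['path']) !== false) {
-$sTmpReferer = WB_URL.$tmp0['path'].$tmp0['fragment'];
-}
-}
-}
-}
-$_SERVER['HTTP_REFERER'] = $sTmpReferer;
+// sanitize $_SERVER['HTTP_REFERER']
+SanitizeHttpReferer(WB_URL);
 date_default_timezone_set('UTC');
 require_once(WB_PATH.'/framework/class.database.php');
 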
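Review bot: The new `SanitizeHttpReferer($sWbUrl = WB_URL)` never reads its `$sWbUrl` parameter — both `parse_url(WB_URL)` and the rebuilt `WB_URL.$aRefUrl['path'].$aRefUrl['fragment']` use the constant directly, so the call `SanitizeHttpReferer(WB_URL)` works only by coincidence and any other argument is silently ignored. The `strpos($aRefUrl['host'].$aRefUrl['path'], $aWbUrl['host'].$aWbUrl['path']) !== false` test is also only a substring match on attacker-controlled input: a referer such as `http://attacker.example/www.site/wb/x` passes because the concatenated string contains the site's host+path, after which the foreign path is appended to `WB_URL` as if it were a local page; how the rewritten `$_SERVER['HTTP_REFERER']` is consumed downstream is outside this hunk, so the impact is at least a spoofable "internal" path. On the same branch `preg_replace('#^'.$aWbUrl['path'].'#i', ...)` interpolates the application path into a regex without `preg_quote()`, so a path containing `.`, `+` or `(` is not stripped literally. I would compare the host exactly, require the referer path to start with the application path, quote the regex, and honour `$sWbUrl`, as below.
```php
function SanitizeHttpReferer($sWbUrl = WB_URL) {
	// … unchanged: read and parse $_SERVER['HTTP_REFERER'], default host/path/fragment …
	$aWbUrl = parse_url($sWbUrl);
	if ($aWbUrl !== false) {
		$aWbUrl['host'] = isset($aWbUrl['host']) ? $aWbUrl['host'] : '';
		$aWbUrl['path'] = isset($aWbUrl['path']) ? $aWbUrl['path'] : '';
		// accept only referers on the same host whose path starts with the application path
		if (strcasecmp($aRefUrl['host'], $aWbUrl['host']) === 0
			&& strncasecmp($aRefUrl['path'], $aWbUrl['path'], strlen($aWbUrl['path'])) === 0) {
			$aRefUrl['path'] = preg_replace('#^'.preg_quote($aWbUrl['path'], '#').'#i', '', $aRefUrl['path']);
			$sTmpReferer = $sWbUrl.$aRefUrl['path'].$aRefUrl['fragment'];
		}
	}
	// … unchanged: unset temporaries, assign $_SERVER['HTTP_REFERER'] …
```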
fixed function SanitizeHttpReferer() to take subdirectory installations (a WB_URL with a path component) into account