CSRF defense
git-svn-id: http://xe-core.googlecode.com/svn/branches/1.5.3.2@12460 201d5d3c-b55e-5fd7-737f-ddc643e51545
parent
36a04a44ba
commit
a3266c1c53
2 changed files with 33 additions and 0 deletions
|
|
@ -1131,6 +1131,24 @@
|
|||
}
|
||||
}
|
||||
|
||||
function checkCSRF()
|
||||
{
|
||||
if($_SERVER['REQUEST_METHOD'] != 'POST')
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
$defaultUrl = Context::getDefaultUrl();
|
||||
$referer = parse_url($_SERVER["HTTP_REFERER"]);
|
||||
|
||||
if(!strstr($defaultUrl, $referer['host']))
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Print raw html header
|
||||
*
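Review bot: The host comparison in the new checkCSRF() is a substring test, so `strstr($defaultUrl, $referer['host'])` accepts any Referer host that happens to occur somewhere inside the default URL, not only the site's own host. Compare the hosts exactly instead, for example `$host = parse_url($defaultUrl, PHP_URL_HOST);` followed by `if(empty($referer['host']) || strcasecmp($referer['host'], $host) !== 0)`. The function also reads `$_SERVER["HTTP_REFERER"]` and `$referer['host']` without checking that they exist; with a missing Referer the needle is empty, and `strstr()` handles an empty needle differently across PHP versions (newer ones return the haystack, which would let the check pass), so the explicit `empty()` guard matters. The callers are outside this hunk, so whether returning false for every non-POST request is what they expect cannot be confirmed from here. A short docblock stating that the function returns true only for a POST whose Referer host equals the default URL's host would make the contract clear.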
|
||||
|
|
|
|||