<?php
require dirname(__FILE__) . "/init.php";
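/**
 * Log an error server-side and terminate the request with a generic HTTP 500.
 *
 * The parameter list matches a set_error_handler() callback; the registration
 * itself is not in this file (presumably done by the including code; confirm).
 * The client only ever sees the status line and a fixed sentence, while the
 * file path, line number and message go to the error log.
 *
 * @param int    $errno   Error level/number as reported by PHP.
 * @param string $errstr  Error message.
 * @param string $errfile File in which the error was raised.
 * @param int    $errline Line on which the error was raised.
 *
 * @return void This function does not return; it ends the script via exit().
 */
function report($errno, $errstr, $errfile, $errline)
{
    // Setting the status after output has started would itself raise a warning,
    // so the header is only sent while that is still possible.
    if (!headers_sent()) {
        header('HTTP/1.1 500 Internal Server Error');
    }
    // TODO: Report error to devsys
    $msg = "($errfile:$errline) $errno: $errstr";
    // Error messages can carry request-derived text. Escape control characters
    // (CR/LF in particular) so one error always produces exactly one log entry
    // and cannot be used to forge additional log lines.
    error_log(addcslashes($msg, "\0..\37\177"));
    // Deliberately generic: no error details are disclosed to the client.
    exit("Error written to error log.\n");
}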
# Paranoia (try to expose as little as possible): build $uniq from a small,
# fixed set of client-supplied request headers only. Headers that are absent
# contribute nothing; the values are concatenated as-is, without a delimiter.
$uniq = "";
foreach (["HTTP_ACCEPT_LANGUAGE", "HTTP_USER_AGENT", "HTTP_ACCEPT"] as $key) {
    $uniq .= $_SERVER[$key] ?? "";
}
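# Simple referer check.
# The Referer header is supplied by the client and may be absent, so $refok is
# a same-site hint for browser traffic, not authentication.
# You still need to ensure the HOST is not blindly forwarded by Nginx:
# SERVER_NAME must come from the server configuration, not from the request.
$refok = false;
if (isset($_SERVER["HTTP_REFERER"], $_SERVER["SERVER_NAME"])) {
    $domain = "";
    # Parse the URL instead of stripping "http://" / "https://" wherever they
    # occur and cutting at the first "/": the old approach produced an empty
    # host (and rejected the request) for a Referer without a path, such as
    # "https://example.org".
    $refparts = parse_url((string) $_SERVER["HTTP_REFERER"]);
    if (
        is_array($refparts)
        && isset($refparts["scheme"], $refparts["host"])
        && in_array($refparts["scheme"], ["http", "https"], true)
        # As before, anything other than a bare host (explicit port or
        # embedded credentials) fails the check.
        && !isset($refparts["port"])
        && !isset($refparts["user"])
        && !isset($refparts["pass"])
    ) {
        $domain = $refparts["host"];
        # Exact, type-strict match against the configured server name.
        $refok = $domain === $_SERVER["SERVER_NAME"];
    }
}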