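/**
 * Remembers the referring URL in the COOKIE_NAME cookie when the referer
 * host is MAIN_DOMAIN or one of its sub-domains, but not PASSPORT_DOMAIN
 * (presumably the login site, so that a login round-trip does not overwrite
 * the original entry page — confirm against the consumer of the cookie).
 *
 * The Referer header is client-supplied: the stored URL is untrusted input
 * and whoever reads COOKIE_NAME later (e.g. for a redirect) must validate it
 * again rather than rely on the filtering done here.
 *
 * Changes from the previous version: parse_url() can return false, or an
 * array without a 'host' key, for a malformed or relative referer; that used
 * to raise an undefined-index notice and is now simply ignored. Host names
 * are compared case-insensitively, as DNS names are.
 */
public static function VInit()
{
    $referer = Ko_Web_Request::SHttpReferer();
    if (!is_string($referer) || '' === $referer) {
        return;
    }

    $rinfo = parse_url($referer);
    if (!is_array($rinfo) || !isset($rinfo['host']) || '' === $rinfo['host']) {
        // No usable host: nothing to compare against, so do not set the cookie.
        return;
    }

    $host = strtolower($rinfo['host']);
    if (strtolower(PASSPORT_DOMAIN) === $host) {
        return;
    }

    $mainDomain = strtolower(MAIN_DOMAIN);
    $isMainDomain = ($mainDomain === $host);
    // Sub-domain test: the host must end with ".MAIN_DOMAIN" (the leading dot
    // prevents "evilMAIN_DOMAIN" from matching).
    $isSubDomain = ('.' . $mainDomain === substr($host, -1 - strlen($mainDomain)));

    if ($isMainDomain || $isSubDomain) {
        Ko_Web_Response::VSetCookie(self::COOKIE_NAME, $referer);
    }
}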
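/**
 * Baseline CSRF protection for POST requests: verifies that the Referer
 * host is one the caller allows.
 *
 * @param array $aPostAllowRefDomain Allowed referer hosts:
 *     array()                             - only the request's own host (from the Host header);
 *     array('*')                          - any referer host;
 *     array('*.test.com', 'www.demo.com') - only the listed hosts / wildcard domains.
 *     Matching of the non-empty list is delegated to self::_BCheckDomains().
 * @return bool true when the request may proceed, false when it must be rejected.
 *
 * Limitations worth knowing: a POST with an empty Referer is NOT checked and
 * is allowed (documented behaviour; browsers and privacy tools may strip the
 * header), so this is a defence-in-depth measure, not a substitute for a CSRF
 * token. The same-host branch also assumes SHttpHost() reflects a host name
 * the web server actually serves for this site — confirm the server rejects
 * requests with unexpected Host headers.
 *
 * Changes from the previous version: a present-but-unparseable Referer now
 * fails closed without notices (parse_url() may return false or no 'host');
 * the Host header is lower-cased like the referer before comparison; the port
 * is stripped without list()/explode() so a Host without ":port" no longer
 * triggers an undefined-offset notice, and IPv6 literals ("[::1]:8080") keep
 * their brackets, matching the host form parse_url() returns.
 */
public static function BCheckMethod(array $aPostAllowRefDomain = array())
{
    if ('POST' !== Ko_Web_Request::SRequestMethod()) {
        return true;
    }

    $referer = Ko_Web_Request::SHttpReferer();
    if (!is_string($referer) || '' === $referer) {
        // Documented: a missing Referer is not checked.
        return true;
    }

    $refinfo = parse_url(strtolower($referer));
    if (!is_array($refinfo) || !isset($refinfo['host']) || '' === $refinfo['host']) {
        // A Referer is present but its host cannot be determined: fail closed.
        return false;
    }
    $refHost = $refinfo['host'];

    if (!empty($aPostAllowRefDomain)) {
        return self::_BCheckDomains($refHost, $aPostAllowRefDomain) ? true : false;
    }

    // Same-host rule: compare against the Host header with any ":port" removed.
    $host = strtolower((string) Ko_Web_Request::SHttpHost());
    if ('' !== $host && '[' === $host[0]) {
        // IPv6 literal: keep everything up to and including the closing bracket.
        $end = strpos($host, ']');
        if (false !== $end) {
            $host = substr($host, 0, $end + 1);
        }
    } else {
        $colon = strpos($host, ':');
        if (false !== $colon) {
            $host = substr($host, 0, $colon);
        }
    }

    return $refHost === $host;
}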