/**
 * Resolve the route for the current request from the "_url" parameter.
 *
 * - A URL beginning with "/form/" is rewritten to "/forms/post"; two tokens
 *   of the URL are stored as the "client_id" and "form_id" parameters.
 * - "/" and "/index" emit a redirect header to "/admin/index" and yield "".
 * - Any other URL is returned unchanged.
 *
 * NOTE(review): client_id and form_id are copied from the request path with
 * no validation in this method; presumably the code that consumes them
 * checks them before use. Confirm against the callers.
 *
 * @return mixed The route to dispatch, or "" when a redirect header was sent.
 */
public static function getUrl()
{
    $requested = f::getParam("_url");

    // Public form endpoint: capture the identifiers and route to the handler.
    if (substr($requested, 0, 6) == "/form/") {
        // Tokens 3 and 4 as numbered by f::strtoken with "/" as separator.
        f::setParam("client_id", f::strtoken($requested, 3, "/"));
        f::setParam("form_id", f::strtoken($requested, 4, "/"));

        return "/forms/post";
    }

    // The site root sends the visitor to the admin index.
    $isRoot = ($requested == "/" || $requested == "/index");
    if ($isRoot) {
        // Only the header is emitted here; execution continues and the
        // caller receives an empty route.
        header("Location:/admin/index");

        return "";
    }

    return $requested;
}
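/**
 * Check the request host against the form's "enabled_domains" allow-list.
 *
 * "enabled_domains" is a comma-separated list. When it is empty, no
 * restriction applies and the method returns true. Otherwise the host
 * (with any ":port" suffix dropped through f::strtoken) must equal one of
 * the trimmed entries exactly.
 *
 * NOTE(review): HTTP_HOST is taken from the request itself. The allow-list
 * only restricts anything if the web server or a trusted proxy rejects or
 * normalises unexpected Host values before PHP runs. Confirm the deployment.
 *
 * @param array $form Form record; only "enabled_domains" is read here.
 * @return bool True when the host is allowed or no allow-list is configured.
 */
private static function checkDomain($form)
{
    // No allow-list configured: every host is accepted.
    if (!$form["enabled_domains"]) {
        return true;
    }

    // Guard the lookups so a request without a Host header does not raise
    // an undefined-key warning.
    $host = f::strtoken(isset($_SERVER["HTTP_HOST"]) ? $_SERVER["HTTP_HOST"] : "", 1, ":");

    // NOTE(review): PHP exposes request headers in $_SERVER under HTTP_...
    // keys (for example HTTP_X_FORWARDED_FOR), so this literal key is
    // normally unset and the second comparison below never matches. Also,
    // X-Forwarded-For conventionally carries client addresses, not a host
    // name. The key is kept as written so the set of accepted requests does
    // not change. Decide which header is intended and read it only when a
    // trusted proxy sets it.
    $host2 = f::strtoken(isset($_SERVER["X-Forwarded-For"]) ? $_SERVER["X-Forwarded-For"] : "", 1, ":");

    foreach (explode(",", $form["enabled_domains"]) as $enabledDomain) {
        $enabledDomain = trim($enabledDomain);

        // Strict comparison: an allow-list entry must match byte for byte,
        // without PHP's numeric-string juggling.
        if ($enabledDomain && ($enabledDomain === $host || $enabledDomain === $host2)) {
            return true;
        }
    }

    return false;
}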
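/**
 * Validate a form record before a submission is processed.
 *
 * Reports a 400 "Form not found" error through f::setError() when $form is
 * empty, and a 400 "Hostname not allowed" error when the request host is
 * not on the form's "enabled_domains" allow-list.
 *
 * The host check is delegated to checkDomain() so the allow-list logic lives
 * in one place instead of being duplicated here. Any hardening of that check
 * then applies to this path as well.
 *
 * NOTE(review): this method only records the error. Nothing visible here
 * stops execution, so callers presumably inspect the error state before
 * going on. Confirm against the callers.
 *
 * @param mixed $form Form record, or a falsy value when the lookup failed.
 * @return void
 */
private static function validateForm($form)
{
    if (!$form) {
        f::setError(400, "Form not found");

        return;
    }

    // checkDomain() returns true when no allow-list is configured, matching
    // the previous inline behaviour of skipping the check in that case.
    if (!self::checkDomain($form)) {
        f::setError(400, "Hostname not allowed");
    }
}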