Пример #1
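 /**
  * Remembers the referring URL in a cookie when the request came from
  * MAIN_DOMAIN (or one of its subdomains) but not from PASSPORT_DOMAIN.
  *
  * The Referer header is client-controlled input. It is only stored here,
  * never interpreted; a referer without a parseable host is ignored instead
  * of being passed on (the original code indexed $rinfo['host'] without
  * checking that parse_url() returned an array containing it).
  */
 public static function VInit()
 {
     $referer = Ko_Web_Request::SHttpReferer();
     if (!is_string($referer) || '' === $referer) {
         return;
     }
     $rinfo = parse_url($referer);
     // parse_url() returns false for seriously malformed URLs and omits
     // 'host' for relative references; in both cases nothing can be compared.
     if (!is_array($rinfo) || !isset($rinfo['host'])) {
         return;
     }
     $host = $rinfo['host'];
     if (PASSPORT_DOMAIN === $host) {
         return;
     }
     // Accept the bare main domain or any subdomain of it ("x.MAIN_DOMAIN").
     // Matching on ".MAIN_DOMAIN" rather than "MAIN_DOMAIN" keeps a host such
     // as "evilMAIN_DOMAIN" from qualifying.
     $suffix = '.' . MAIN_DOMAIN;
     $isMainDomain = MAIN_DOMAIN === $host
         || $suffix === substr($host, -strlen($suffix));
     if ($isMainDomain) {
         Ko_Web_Response::VSetCookie(self::COOKIE_NAME, $referer);
     }
 }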
Пример #2
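 /**
  * Basic request-origin check for POST: the Referer host must be an allowed
  * domain, otherwise the request is rejected.
  *
  * @param array $aPostAllowRefDomain array()                          -> only the same host as the request (Host header, port ignored)
  *                                   array('*')                       -> any referer domain
  *                                   array('*.test.com', 'www.demo.com') -> only the listed domains
  *                                   An empty Referer is treated as allowed and skips these checks.
  * @return bool true when the request may proceed, false when it must be rejected.
  *              Because an absent Referer passes by design, this check alone does
  *              not stop a client that simply omits the header.
  */
 public static function BCheckMethod($aPostAllowRefDomain = array())
 {
     if ('POST' !== Ko_Web_Request::SRequestMethod()) {
         return true;
     }
     $referer = Ko_Web_Request::SHttpReferer();
     // Empty Referer is deliberately accepted (documented above).
     if (!is_string($referer) || '' === $referer) {
         return true;
     }
     $refinfo = parse_url(strtolower($referer));
     // A Referer that is present but has no parseable host cannot be matched
     // against anything; reject it rather than feeding a null host into the
     // comparisons below (fail closed).
     if (!is_array($refinfo) || !isset($refinfo['host'])) {
         return false;
     }
     $refHost = $refinfo['host'];
     if (empty($aPostAllowRefDomain)) {
         // Same-origin only: compare with the Host header minus any ":port".
         // Hostnames are case-insensitive and the referer host was lowercased
         // above, so lowercase this side too instead of comparing raw bytes.
         $hostParts = explode(':', Ko_Web_Request::SHttpHost(), 2);
         $host = strtolower($hostParts[0]);
         return $refHost === $host;
     }
     return (bool) self::_BCheckDomains($refHost, $aPostAllowRefDomain);
 }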