/**
* CSRF 检测
*
* 同一个主域名下的请求将返回 `true` 否则返回 `false`
*
* @return boolean
*/
public static function csrf_check()
{
if (!$_SERVER['HTTP_REFERER']) {
return false;
}
$info = @parse_url($_SERVER['HTTP_REFERER']);
if (!$info) {
return false;
}
$host = $info['host'];
if ($_SERVER['HTTP_HOST'] == $host) {
return true;
}
if (HttpIO::get_primary_domain($_SERVER['HTTP_HOST']) == HttpIO::get_primary_domain($host)) {
return true;
} else {
return false;
}
}
/**
* 自动添加HTML5的AJAX跨越支持
*/
protected static function auto_add_ajax_control_allow_origin()
{
$ajax_cross_domain = Core::config('ajax_cross_domain');
if (false !== $ajax_cross_domain) {
if ('none' == $ajax_cross_domain) {
return;
}
$info = parse_url($_SERVER['HTTP_REFERER']);
$host = $info['host'];
$add_allow_origin = false;
if (is_array($ajax_cross_domain)) {
foreach ($ajax_cross_domain as $item) {
if (strpos($item, '*') !== false) {
$preg = '#^' . str_replace('\\*', '*', preg_quote($item)) . '#$i';
if (preg_match($preg, $host)) {
$add_allow_origin = true;
break;
}
} elseif ($host == $item) {
$add_allow_origin = true;
break;
}
}
} elseif ($ajax_cross_domain) {
if ($_SERVER['HTTP_HOST'] != $host && HttpIO::get_primary_domain($_SERVER['HTTP_HOST']) == HttpIO::get_primary_domain($host)) {
$add_allow_origin = true;
}
}
if ($add_allow_origin) {
header('Access-Control-Allow-Origin: ' . HttpIO::PROTOCOL . $host . (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] ? $_SERVER['SERVER_PORT'] == 443 ? '' : ':' . $_SERVER['SERVER_PORT'] : ($_SERVER['SERVER_PORT'] == 80 ? '' : ':' . $_SERVER['SERVER_PORT'])) . '/');
}
}
}
