CSRF 检测
同一个主域名下的请求将返回 true
否则返回 false
boolean Core_HttpIO::csrf_check( )
boolean
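/**
 * Referer-based CSRF check.
 *
 * Returns true only when the request carries a Referer whose host equals the
 * current Host header, or shares its primary domain as computed by
 * HttpIO::get_primary_domain(). Returns false in every other case, including
 * a missing, host-less or unparseable Referer and a missing Host header.
 *
 * Security notes:
 *  - Every host under the same primary domain is accepted, so a page served
 *    from any sibling subdomain passes this check.
 *  - Browsers and Referrer-Policy settings may omit the Referer header; such
 *    requests are rejected here. Treat this check as defence in depth next to
 *    a per-session anti-CSRF token, not as a replacement for one.
 *  - NOTE(review): HTTP_HOST can carry a ":port" suffix while the host parsed
 *    out of the Referer never does; whether get_primary_domain() strips it is
 *    not visible here - confirm.
 *
 * @return boolean
 */
public static function csrf_check()
{
    // Both headers are required. empty() also avoids the undefined-index
    // notice that a direct read raises when a header is absent.
    if (empty($_SERVER['HTTP_REFERER']) || empty($_SERVER['HTTP_HOST'])) {
        return false;
    }

    // PHP_URL_HOST yields the host string, null when the URL has no host
    // part, or false when the URL is seriously malformed. The @ is kept
    // because parse_url() emitted E_WARNING on such URLs before PHP 5.3.3.
    $host = @parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST);
    if (!is_string($host) || $host === '') {
        // A Referer without a host (for example a bare path) must never be
        // compared: a null host loosely equals a missing or empty Host header.
        return false;
    }

    // Strict comparison: with == two numeric-looking strings such as "1e3"
    // and "1000" compare equal.
    if ($_SERVER['HTTP_HOST'] === $host) {
        return true;
    }

    $current_domain = HttpIO::get_primary_domain($_SERVER['HTTP_HOST']);
    $referer_domain = HttpIO::get_primary_domain($host);

    // What get_primary_domain() returns for a host it cannot resolve is not
    // visible here; requiring a non-empty result keeps two failed lookups
    // from counting as a match.
    return !empty($current_domain) && $current_domain === $referer_domain;
}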