1e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block<?php
2e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Blockrequire_once 'portabilityLayer.php';
3e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block
4e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block// This script detects requests that could not be sent before cross-site XMLHttpRequest appeared.
5e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block
// Mark every response from this script as uncacheable, so each request
// actually reaches the server instead of being answered from a cache.
$noCacheHeaders = array(
    "Expires: Thu, 01 Dec 2003 16:00:00 GMT",
    "Cache-Control: no-cache, no-store, must-revalidate",
    "Pragma: no-cache",
);
foreach ($noCacheHeaders as $noCacheHeader) {
    header($noCacheHeader);
}

// The state file is kept in the temp dir, so the script cannot work without one.
$tempDir = sys_get_temp_dir();
if (!$tempDir) {
    echo "FAIL: No temp dir was returned.\n";
    exit();
}
14e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block
/**
 * Replace the contents of the state file with a new status message.
 *
 * The result of the write is not checked, so a failed write is not
 * reported to the caller.
 *
 * @param string $newState Text to store; any previous contents are overwritten.
 * @param string $file     Path of the state file.
 */
function setState($newState, $file)
{
    // Flags 0 is the default: truncate and write, no append, no lock.
    file_put_contents($file, $newState, 0);
}
19e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block
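/**
 * Read the stored status message.
 *
 * @param string $file Path of the state file.
 * @return string The file contents, or "" when there is no readable regular
 *                file at that path.
 */
function getState($file)
{
    // is_file() rather than file_exists(): a directory or other non-regular
    // entry at this path is treated as "no state" instead of being read.
    if (!is_file($file)) {
        return "";
    }

    // file_get_contents() returns false on failure (for example when the file
    // disappears between the check and the read); always hand back a string.
    $contents = file_get_contents($file);
    return $contents === false ? "" : $contents;
}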
27e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block
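// NOTE(review): fixed, predictable name in the shared temp dir. Acceptable for
// a local test server, but any local user can read or pre-create this file.
$stateFile = sys_get_temp_dir() . "/tripmine-status";

// "command" is optional; read it without raising an undefined-index notice,
// which could otherwise end up in the response body.
$command = isset($_GET['command']) ? $_GET['command'] : null;
if ($command) {
    if ($command === "status") {
        // The stored message embeds request-supplied text (method, content
        // type), so serve it as plain text rather than the default HTML type.
        header("Content-Type: text/plain");
        echo getState($stateFile);
    }
    // Any other non-empty command is ignored and produces an empty response.
    exit();
}

$method = $_SERVER['REQUEST_METHOD'];
// CONTENT_TYPE is absent when the request carries no Content-Type header.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : null;

if ($method === "OPTIONS") {
    // Don't allow cross-site requests with preflight: the response carries no
    // access-control headers, so the preflight cannot succeed.
    exit();
}

// Only allow simple cross-site requests - since we did not allow preflight, this is all we should ever get.

if ($method !== "GET" && $method !== "HEAD" && $method !== "POST") {
    setState("FAIL. Non-simple method $method.", $stateFile);
    exit();
}

// Media type names are case-insensitive, so match with the "i" modifier to
// avoid flagging e.g. "Text/Plain" as a non-simple content type.
if (isset($contentType)
     && !preg_match("/^application\/x\-www\-form\-urlencoded(;.+)?$/i", $contentType)
     && !preg_match("/^multipart\/form\-data(;.+)?$/i", $contentType)
     && !preg_match("/^text\/plain(;.+)?$/i", $contentType)) {
    setState("FAIL. Non-simple content type: $contentType.", $stateFile);
    exit();
}

// A custom request header makes a request non-simple; seeing it here means it
// arrived without a successful preflight.
if (isset($_SERVER['HTTP_X_WEBKIT_TEST'])) {
    setState("FAIL. Custom header sent with a simple request.", $stateFile);
    exit();
}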
63e45c1cdad9627f8b5f50f55c4a9642c1703a616aSteve Block?>