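<?php
require_once 'portabilityLayer.php';

// This script detects requests that could not be sent before cross-site XMLHttpRequest appeared.
//
// It is the "tripmine" side of a cross-origin test: a test page (presumably on
// another origin) fires requests at it, and this script records a FAIL state
// whenever it sees something a browser must not send as a simple, non-preflighted
// cross-site request. The recorded state is read back with ?command=status.

// Never let a cached copy of an earlier status response answer a later poll.
header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");

// NOTE(review): sys_get_temp_dir() is presumably polyfilled by portabilityLayer.php
// on older PHP builds — confirm there if no temp dir is reported.
if (!sys_get_temp_dir()) {
    echo "FAIL: No temp dir was returned.\n";
    exit();
}

/**
 * Records the tripmine result in the state file.
 *
 * @param string $newState Status text to store; callers prefix failures with "FAIL".
 * @param string $file     Path of the state file.
 * @return bool True when the state was written, false when the write failed
 *              (file_put_contents also emits a warning in that case). A silently
 *              lost write would let the test pass spuriously, so the result is
 *              exposed; callers that ignore it behave exactly as before.
 */
function setState($newState, $file)
{
    return file_put_contents($file, $newState) !== false;
}

/**
 * Reads the recorded tripmine result.
 *
 * @param string $file Path of the state file.
 * @return string The stored status, or "" when the file does not exist or could
 *                not be read (an unreadable file used to yield false, which the
 *                status echo printed as an empty string anyway).
 */
function getState($file)
{
    if (!file_exists($file)) {
        return "";
    }
    $state = file_get_contents($file);
    return $state === false ? "" : $state;
}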
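// NOTE(review): fixed, predictable file name in a shared temp directory; acceptable
// on a single-user test host, but not something to copy into production code.
$stateFile = sys_get_temp_dir() . "/tripmine-status";

// A "command" query parameter marks a control request from the test page rather
// than a tripmine probe. Read it with isset() so a missing parameter does not emit
// an undefined-index notice into the response body.
$command = isset($_GET['command']) ? $_GET['command'] : "";
if ($command !== "") {
    if ($command == "status") {
        // The stored state interpolates raw request values (method, Content-Type),
        // so declare the body as plain text instead of letting PHP's default
        // text/html apply to request-influenced content.
        header("Content-Type: text/plain");
        echo getState($stateFile);
    }
    exit();
}

$method = $_SERVER['REQUEST_METHOD'];
// CONTENT_TYPE is absent on body-less requests (GET/HEAD); reading it unguarded
// raised a notice that could leak into the response.
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : null;

if ($method === "OPTIONS") {
    // Don't allow cross-site requests with preflight.
    exit();
}

// Only allow simple cross-site requests - since we did not allow preflight, this is all we should ever get.

if (!in_array($method, array("GET", "HEAD", "POST"), true)) {
    setState("FAIL. Non-simple method $method.", $stateFile);
    exit();
}

// Simple request content types, optionally followed by parameters (e.g. a charset
// or multipart boundary). NOTE(review): the match is case-sensitive, as in the
// original; confirm whether the browser under test normalises the type's case.
$simpleContentType = "/^(application\/x-www-form-urlencoded|multipart\/form-data|text\/plain)(;.+)?$/";

if ($contentType !== null && !preg_match($simpleContentType, $contentType)) {
    setState("FAIL. Non-simple content type: $contentType.", $stateFile);
    exit();
}

// Any custom header means the browser should have preflighted and been refused above.
if (isset($_SERVER['HTTP_X_WEBKIT_TEST'])) {
    setState("FAIL. Custom header sent with a simple request.", $stateFile);
    exit();
}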