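<?php
require_once 'portabilityLayer.php';

// This script detects requests that could not be sent before cross-site XMLHttpRequest appeared.
//
// Any request that is not a "simple" cross-site request (method, content type,
// or custom header) is recorded as a FAIL in a state file, which a later
// request with ?command=status echoes back.
//
// NOTE(review): the request method and Content-Type are taken from the request
// and written verbatim into the state file, and ?command=status echoes that
// file back without escaping. This script sets no explicit Content-Type for
// the status response, so consumers should treat it as untrusted plain text.
//
// NOTE(review): the state file has a fixed name in the system temp directory;
// presumably acceptable for a test harness, but on a shared host another local
// user could read or replace it. Confirm this is only ever served from a test
// server.

header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");

if (!sys_get_temp_dir()) {
    echo "FAIL: No temp dir was returned.\n";
    exit();
}

/**
 * Overwrite the state file with a new status message.
 *
 * @param string $newState Text to store.
 * @param string $file     Path of the state file.
 */
function setState($newState, $file)
{
    file_put_contents($file, $newState);
}

/**
 * Read the stored status message.
 *
 * @param string $file Path of the state file.
 * @return string|false Empty string when the file does not exist, otherwise
 *                      whatever file_get_contents() returns for it.
 */
function getState($file)
{
    if (!file_exists($file)) {
        return "";
    }
    return file_get_contents($file);
}

$stateFile = sys_get_temp_dir() . "/tripmine-status";

// Probe requests normally carry no "command" parameter; read it defensively so
// a missing key does not emit an undefined-index notice into the response.
$command = isset($_GET['command']) ? $_GET['command'] : null;
if ($command) {
    if ($command === "status") {
        echo getState($stateFile);
    }
    // Any command, recognised or not, ends the request here.
    exit();
}

$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;
// Requests without a body usually have no Content-Type; null means "not sent".
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : null;

if ($method === "OPTIONS") {
    // Don't allow cross-site requests with preflight.
    exit();
}

// Only allow simple cross-site requests - since we did not allow preflight, this is all we should ever get.

if ($method !== "GET" && $method !== "HEAD" && $method !== "POST") {
    setState("FAIL. Non-simple method $method.", $stateFile);
    exit();
}

// Each pattern accepts the bare type or the type followed by ";parameters".
// NOTE(review): the match is case-sensitive, so a differently-cased type would
// be recorded as non-simple - confirm that is intended.
if ($contentType !== null
    && !preg_match("/^application\/x\-www\-form\-urlencoded(;.+)?$/", $contentType)
    && !preg_match("/^multipart\/form\-data(;.+)?$/", $contentType)
    && !preg_match("/^text\/plain(;.+)?$/", $contentType)) {
    setState("FAIL. Non-simple content type: $contentType.", $stateFile);
    exit();
}

// A custom request header is never part of a simple request.
if (isset($_SERVER['HTTP_X_WEBKIT_TEST'])) {
    setState("FAIL. Custom header sent with a simple request.", $stateFile);
    exit();
}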