From 882d1a4c4550e3b8d03677c8e66dae8fe6d7a8be Mon Sep 17 00:00:00 2001
From: JiangCY
Date: Tue, 30 Oct 2012 15:37:36 +0800
Subject: [PATCH] =?UTF-8?q?=E9=8D=8F=E7=85=8E=EE=86=90=E7=80=B9=E3=88=A1?= =?UTF-8?q?=E5=9F=9B=E7=BB=94=E7=96=A8OST=E7=92=87=E9=94=8B=E7=9C=B0?= =?UTF-8?q?=E9=94=9B=E5=B1=BD=EE=98=A9=E9=90=9E=E5=97=98=E7=97=85=E9=8F=88?= =?UTF-8?q?=E5=A1=87TTP=5FREFERER=E9=8D=99=E5=82=9B=E6=9A=9F=E9=8E=AF?= =?UTF-8?q?=E5=91=AD=E5=96=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 security_filter.php | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/security_filter.php b/security_filter.php
index 675c93a..32f8f9b 100644
--- a/security_filter.php
+++ b/security_filter.php
@@ -28,11 +28,15 @@ function global_filter()
 //处理跨域POST提交问题
 if($_SERVER['REQUEST_METHOD'] == 'POST')
 {
- $url = parse_url($_SERVER['HTTP_REFERER']);
- $referer_host = !empty($url['port']) && $url['port'] != '80' ? $url['host'].':'.$url['port'] : $url['host'];
- if ($referer_host != $_SERVER['HTTP_HOST'])
+ //处理客户端POST请求处理没有HTTP_REFERER参数问题
+ if(isset($_SERVER['HTTP_REFERER']))
 {
- header_status_404();
+ $url = parse_url($_SERVER['HTTP_REFERER']);
+ $referer_host = !empty($url['port']) && $url['port'] != '80' ? $url['host'].':'.$url['port'] : $url['host'];
+ if($referer_host != $_SERVER['HTTP_HOST'])
+ {
+ header_status_404();
+ }
 }
 }
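Review bot: The new `isset($_SERVER['HTTP_REFERER'])` guard makes the cross-origin POST check fail open: a POST that carries no Referer header now skips the host comparison entirely, and whether that header is sent is decided by the sender, not the server. If clients that never send a Referer must be let through, the no-Referer path needs its own check rather than none, for example falling back to the Origin header (`$src = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : (isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : null);`) and requiring a per-session anti-CSRF token on state-changing requests when both are absent. Separately, `parse_url()` can return false or an array without a `host` key for a malformed Referer, so `$url['host']` should be guarded with `isset` before it is compared. global_filter() starts and ends outside the hunk, and whether header_status_404() stops execution is not visible here.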