Version 3.5.3
1. 增加referer校验防御CSRF 2. 修复若干小bug 3. 更新IP库
11
api.php
11
api.php
@@ -1,10 +1,17 @@
|
||||
<?php
|
||||
error_reporting(0);
|
||||
define("IN_XSS_PLATFORM", true);
|
||||
define('IN_XSS_PLATFORM', true);
|
||||
require_once('auth.php');
|
||||
require_once("dio.php");
|
||||
require_once('dio.php');
|
||||
header('Content-Type: application/json');
|
||||
|
||||
$referer_array = parse_url($_SERVER['HTTP_REFERER']);
|
||||
//CSRF防御
|
||||
if($referer_array['host'] != $_SERVER['HTTP_HOST']) {
|
||||
exit('Access Denied');
|
||||
}
|
||||
|
||||
|
||||
//与xss记录相关api
|
||||
if ( isset( $_GET['cmd'] ) ) {
|
||||
switch ( $_GET['cmd'] ) {
|
||||
|
||||
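Review bot: The added Referer check compares `$referer_array['host']` with `$_SERVER['HTTP_HOST']` using loose `!=`, but the two values differ in shape: `parse_url()` returns the host without a port, while the Host header includes the port on any non-default one, so every API call would be denied on such a deployment. When the Referer header is absent or unparsable the left side is null, which `!=` treats as equal to an empty Host value, so the guard should reject an empty Referer host explicitly and compare strictly. The denial is also sent with status 200 and the JSON content type set just above; calling `http_response_code(403)` before `exit` makes it visible to clients and in access logs. Because `cmd` is read from `$_GET`, a Referer check is best treated as a second layer alongside a per-session token if any command changes state; the handlers are outside this hunk, so that part is an assumption.

```php
// … unchanged: require_once lines and Content-Type header …
// CSRF defence: the Referer authority (host plus explicit port) must match the Host header.
$referer_array = parse_url(isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
$referer_host = (is_array($referer_array) && isset($referer_array['host'])) ? $referer_array['host'] : '';
if (isset($referer_array['port'])) {
    $referer_host .= ':' . $referer_array['port'];
}
$request_host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if ($referer_host === '' || strcasecmp($referer_host, $request_host) !== 0) {
    http_response_code(403);
    exit('Access Denied');
}
```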