From 3c3a3777c1875297281eefa86a7932e27f57518c Mon Sep 17 00:00:00 2001
From: Andrej A Antonov <polymorphm@gmail.com>
Date: Wed, 19 Oct 2011 19:55:32 +0400
Subject: [PATCH] created function csrf_check_referer()
---
src/messenger/webim/libs/common.php | 21 ++++++++++++++++++++-
1 files changed, 20 insertions(+), 1 deletions(-)
diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index 75a52e6..21e6ab2 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -27,6 +27,25 @@ require_once(dirname(__FILE__) . '/config.php');
$version = '1.6.4';
$jsver = "164";
+function csrf_check_referer()
+{
+ if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+ if (array_key_exists('HTTP_REFERER', $_SERVER) && $_SERVER['HTTP_REFERER']) {
+ $http_referer = $_SERVER['HTTP_REFERER'];
+ $parsed_http_referer = parse_url($http_referer);
+
+ $valid_server_name = $_SERVER['SERVER_NAME'];
+ $referer_server_name = $parsed_http_referer['host'];
+
+ if($referer_server_name != $valid_server_name) {
+ @header('Content-Type: text/plain;charset=utf-8');
+ die('Suspected to CSRF');
+ }
+ }
+ }
+}
+csrf_check_referer();
+
function myiconv($in_enc, $out_enc, $string)
{
global $_utf8win1251, $_win1251utf8;
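Review bot: The whole check is skipped when the Referer header is absent or empty (the inner `if` on the `array_key_exists('HTTP_REFERER', ...)` line), so a POST that simply omits the header passes, which defeats the purpose of a referer-based CSRF check; treating a missing Referer on POST as a mismatch, e.g. `if (!array_key_exists('HTTP_REFERER', $_SERVER) || !$_SERVER['HTTP_REFERER']) { die('Suspected to CSRF'); }` before the parse, closes that gap. `parse_url()` can return `false` or an array without a `host` key, so the read of `$parsed_http_referer['host']` should be guarded, `$referer_server_name = isset($parsed_http_referer['host']) ? $parsed_http_referer['host'] : '';`, which then fails the comparison instead of raising a notice. The comparison should use `!==` rather than `!=`, and a short comment that `$_SERVER['SERVER_NAME']` may be derived from the request's Host header depending on server configuration would make clear this is a defense-in-depth check rather than a substitute for a per-session CSRF token.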
@@ -687,4 +706,4 @@ function jspath()
return "js/$jsver";
}
-?>
\ No newline at end of file
+?>
--
1.7.4.1