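<?php
require_once 'portabilityLayer.php';

// This script detects requests that could not be sent before cross-site XMLHttpRequest appeared.
//
// Any request that is not a "simple" cross-site request (non-simple method,
// non-simple content type, or the custom X-WebKit-Test header) records a FAIL
// message in a state file. A request with ?command=status returns whatever
// has been recorded so far.

header("Expires: Thu, 01 Dec 2003 16:00:00 GMT");
header("Cache-Control: no-cache, no-store, must-revalidate");
header("Pragma: no-cache");

if (!sys_get_temp_dir()) {
    echo "FAIL: No temp dir was returned.\n";
    exit();
}

/**
 * Overwrite the state file with a new status message.
 *
 * @param string $newState Message to record; callers in this script build it
 *                         from request data, so it must be treated as untrusted
 *                         wherever it is read back.
 * @param string $file     Path of the state file.
 */
function setState($newState, $file)
{
    // LOCK_EX keeps two overlapping requests from interleaving their writes.
    file_put_contents($file, $newState, LOCK_EX);
}

/**
 * Read the recorded status message.
 *
 * @param string $file Path of the state file.
 * @return string The file contents, or "" when the file is missing or unreadable.
 */
function getState($file)
{
    if (!file_exists($file)) {
        return "";
    }
    // The file can disappear between the check and the read; file_get_contents()
    // then returns false, which is normalised to the same empty result.
    $contents = file_get_contents($file);
    return $contents === false ? "" : $contents;
}

// NOTE(review): fixed, predictable name in the shared temp directory. Any local
// user able to write there can pre-create or replace this path. The name is
// kept because other scripts may rely on it - confirm before changing.
$stateFile = sys_get_temp_dir() . "/tripmine-status";

// A missing "command" parameter is the normal case for the request under test,
// so read it without raising an undefined-index notice.
$command = isset($_GET['command']) ? $_GET['command'] : '';
if ($command) {
    if ($command === "status") {
        // The recorded state embeds the request method and content type
        // verbatim; serve it as plain text so it is never rendered as HTML.
        header("Content-Type: text/plain");
        echo getState($stateFile);
    }
    exit();
}

$method = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
// CONTENT_TYPE is absent on requests without a body; null means "not sent".
$contentType = isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : null;

if ($method === "OPTIONS") {
    // Don't allow cross-site requests with preflight.
    exit();
}

// Only allow simple cross-site requests - since we did not allow preflight, this is all we should ever get.

if (!in_array($method, array("GET", "HEAD", "POST"), true)) {
    setState("FAIL. Non-simple method $method.", $stateFile);
    exit();
}

if ($contentType !== null
    && !preg_match("/^application\/x\-www\-form\-urlencoded(;.+)?$/", $contentType)
    && !preg_match("/^multipart\/form\-data(;.+)?$/", $contentType)
    && !preg_match("/^text\/plain(;.+)?$/", $contentType)) {
    setState("FAIL. Non-simple content type: $contentType.", $stateFile);
    exit();
}

if (isset($_SERVER['HTTP_X_WEBKIT_TEST'])) {
    setState("FAIL. Custom header sent with a simple request.", $stateFile);
    exit();
}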