| Subcribe via RSS

Flir security check.

April 16th, 2009 | Comments Off | Posted in Code

This is the PHP snippet in the generate.php file from the FLIR.

This code will check if the request to generate the FLIR image is allowed or not.

if(false !== ALLOWED_DOMAIN && $_SERVER['HTTP_REFERER'] != '') {
    $refhost = get_hostname($_SERVER['HTTP_REFERER']);
    if(substr(ALLOWED_DOMAIN, 0, 1) == '.') {
        if(false === strpos($refhost, substr(ALLOWED_DOMAIN, 1)))
            err('DISALLOWED_DOMAIN');
    }else {
        if($refhost != ALLOWED_DOMAIN)
            err('DISALLOWED_DOMAIN');
    }
}
Tags: , ,