co3k · November 29, 2011 02:01 · co3k · Nov 29, 2011
diff --git a/au_f001_poc.php b/au_f001_poc.php
 <?php
 if (isset($_GET['view_source']))
 {
  highlight_file(__FILE__);
  exit;
 }

 if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
 {
  header('Content-Type: text/xml');
  echo '<res><ua>'.htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_COMPAT, 'UTF-8').'</ua><uid>'.htmlspecialchars(isset($_SERVER['HTTP_X_UP_SUBNO'], ENT_COMPAT, 'UTF-8') ? $_SERVER['HTTP_X_UP_SUBNO'] : 'not provided').'</uid></res>';
  exit;
 }
 ?>
 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
 <title>F001 test</title>
 <script type="text/javascript">
 function getResponse(header1, header2, name)
 {
  var xhr = new XMLHttpRequest();
  var result = document.getElementById(name+"_result");

  xhr.open("GET", "./au_f001.php");
  xhr.onreadystatechange = function()
  {
    if (xhr.readyState == 4)
    {
      result.innerHTML = xhr.responseText;
    }
    else
    {
      result.innerHTML = xhr.readyState;
    }
  };
  xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
  xhr.setRequestHeader(header1, 'KDDI-FJ31 UP.Browser/6.2_7.2.7.1.K.8.160 (GUI) MMP/2.0');
  xhr.setRequestHeader(header2, '99999999999999_ge.ezweb.ne.jp');
  xhr.send();
 }
 </script>
 </head>
 <body>
 <?php
 var_dump($_SERVER['HTTP_USER_AGENT']);
 ?>
 <p><a href="#" onclick="getResponse('User-Agent', 'X-Up-Subno', 'normal'); return false;">Normal</a></p>
 <p id="normal_result">
 </p>

 <p><a href="#" onclick="getResponse('User_Agent', 'X_Up_Subno', 'under'); return false;">Under</a></p>
 <p id="under_result">
 </p>

 <p><a href="#" onclick="getResponse('User.Agent', 'X.Up.Subno', 'dot'); return false;">Dot</a></p>
 <p id="dot_result">
 </p>

 <p><a href="./au_f001.php?view_source">View Source</a></p>
 </body>
 </html>
	<?php
	if (isset($_GET['view_source']))
	{
	highlight_file(__FILE__);
	exit;
	}

	if (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] == 'XMLHttpRequest')
	{
	header('Content-Type: text/xml');
	echo '<res><ua>'.htmlspecialchars($_SERVER['HTTP_USER_AGENT'], ENT_COMPAT, 'UTF-8').'</ua><uid>'.htmlspecialchars(isset($_SERVER['HTTP_X_UP_SUBNO'], ENT_COMPAT, 'UTF-8') ? $_SERVER['HTTP_X_UP_SUBNO'] : 'not provided').'</uid></res>';
	exit;
	}
	?>
	<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
	<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr">
	<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<title>F001 test</title>
	<script type="text/javascript">
	function getResponse(header1, header2, name)
	{
	var xhr = new XMLHttpRequest();
	var result = document.getElementById(name+"_result");

	xhr.open("GET", "./au_f001.php");
	xhr.onreadystatechange = function()
	{
	if (xhr.readyState == 4)
	{
	result.innerHTML = xhr.responseText;
	}
	else
	{
	result.innerHTML = xhr.readyState;
	}
	};
	xhr.setRequestHeader('X-Requested-With', 'XMLHttpRequest');
	xhr.setRequestHeader(header1, 'KDDI-FJ31 UP.Browser/6.2_7.2.7.1.K.8.160 (GUI) MMP/2.0');
	xhr.setRequestHeader(header2, '99999999999999_ge.ezweb.ne.jp');
	xhr.send();
	}
	</script>
	</head>
	<body>
	<?php
	var_dump($_SERVER['HTTP_USER_AGENT']);
	?>
	<p><a href="#" onclick="getResponse('User-Agent', 'X-Up-Subno', 'normal'); return false;">Normal</a></p>
	<p id="normal_result">
	</p>

	<p><a href="#" onclick="getResponse('User_Agent', 'X_Up_Subno', 'under'); return false;">Under</a></p>
	<p id="under_result">
	</p>

	<p><a href="#" onclick="getResponse('User.Agent', 'X.Up.Subno', 'dot'); return false;">Dot</a></p>
	<p id="dot_result">
	</p>

	<p><a href="./au_f001.php?view_source">View Source</a></p>
	</body>
	</html>