<?php
// via : http://d.hatena.ne.jp/hasegawayosuke/20130302/p1
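/**
 * Same-origin check for XHR requests based on the Host, X-From and Origin headers.
 *
 * The rationale for using a custom X-From header as the same-origin signal is
 * in the article linked above; this function itself only enforces the checks
 * below, in order, and returns false at the first one that fails:
 *  - Host must be present and equal SERVER_NAME (with ":SERVER_PORT" appended
 *    when the Host value itself carries a port).
 *  - X-From must be present and parse as an absolute URL with a scheme and host.
 *  - If Origin is present, it must equal "scheme://host[:port]" taken from X-From.
 *
 * Reads only $_SERVER; has no other side effects.
 *
 * @return bool true when every check passes, false otherwise
 */
function checkHasegawaCsrf() {
    $host   = isset( $_SERVER['HTTP_HOST'] ) ? $_SERVER['HTTP_HOST'] : null;
    $xFrom  = isset( $_SERVER['HTTP_X_FROM'] ) ? $_SERVER['HTTP_X_FROM'] : null;
    $origin = isset( $_SERVER['HTTP_ORIGIN'] ) ? $_SERVER['HTTP_ORIGIN'] : null;

    if ( $host === null ) {
        // No Host header
        return false;
    }

    // Guarded so a missing SERVER_NAME/SERVER_PORT (e.g. CLI) fails the
    // comparison below instead of raising a warning.
    $server_name = isset( $_SERVER['SERVER_NAME'] ) ? $_SERVER['SERVER_NAME'] : '';
    if ( preg_match( '/:\d+\z/', $host ) === 1 ) {
        // Host carries an explicit port, so compare against SERVER_NAME:SERVER_PORT
        $server_name .= ':' . ( isset( $_SERVER['SERVER_PORT'] ) ? $_SERVER['SERVER_PORT'] : '' );
    }
    if ( $host !== $server_name ) {
        // Host and ServerName do not match
        // XXX hard-coding the expected value might be fine too
        return false;
    }

    if ( $xFrom === null ) {
        // No X-From header
        return false;
    }

    // parse_url() returns false for seriously malformed URLs and omits
    // 'scheme'/'host' for relative ones; either way X-From is not a usable
    // origin, so reject it rather than building a bogus "://" string and
    // triggering undefined-index warnings.
    $p = parse_url( $xFrom );
    if ( $p === false || !isset( $p['scheme'], $p['host'] ) ) {
        return false;
    }
    $url = "{$p['scheme']}://{$p['host']}" . ( isset( $p['port'] ) ? ":{$p['port']}" : '' );

    if ( $origin !== null && $origin !== $url ) {
        // Origin and X-From do not match
        return false;
    }

    return true;
}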