0001-created-function-csrf_check_referer.patch

From 3c3a3777c1875297281eefa86a7932e27f57518c Mon Sep 17 00:00:00 2001
From: Andrej A Antonov <[email protected]>
Date: Wed, 19 Oct 2011 19:55:32 +0400
Subject: [PATCH] created function csrf_check_referer()

---
 src/messenger/webim/libs/common.php |   21 ++++++++++++++++++++-
 1 files changed, 20 insertions(+), 1 deletions(-)

diff --git a/src/messenger/webim/libs/common.php b/src/messenger/webim/libs/common.php
index 75a52e6..21e6ab2 100644
--- a/src/messenger/webim/libs/common.php
+++ b/src/messenger/webim/libs/common.php
@@ -27,6 +27,25 @@ require_once(dirname(__FILE__) . '/config.php');
 $version = '1.6.4';
 $jsver = "164";
 
+function csrf_check_referer()
+{
+    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+        if (array_key_exists('HTTP_REFERER', $_SERVER) && $_SERVER['HTTP_REFERER']) {
+            $http_referer = $_SERVER['HTTP_REFERER'];
+            $parsed_http_referer = parse_url($http_referer);
+            
+            $valid_server_name = $_SERVER['SERVER_NAME'];
+            $referer_server_name = $parsed_http_referer['host'];
+            
+            if($referer_server_name != $valid_server_name) {
+                @header('Content-Type: text/plain;charset=utf-8');
+                die('Suspected to CSRF');
+            }
+        }
+    }
+}
+csrf_check_referer();
+
 function myiconv($in_enc, $out_enc, $string)
 {
 	global $_utf8win1251, $_win1251utf8;
@@ -687,4 +706,4 @@ function jspath()
 	return "js/$jsver";
 }
 
-?>
\ No newline at end of file
+?>
-- 
1.7.4.1