Subversion Repositories cheapmusic


Rev 17 Rev 20
Line 1... Line 1...
1
<?php
1
<?php
2
if ($_SERVER["SERVER_NAME"] == "www.findcheapmusic.com") {
-
 
3
  header("Strict-Transport-Security: max-age=31536000; includeSubDomains; preload");
-
 
4
  header(&quot;X-Content-Type-Options: nosniff&quot;);
2
include_once(&apos;php/dnsexit.php&apos;);
5
  header("X-XSS-Protection: 1; mode=block");
-
 
6
  header("Access-Control-Allow-Origin: *");
-
 
7
  header("Referrer-Policy: no-referrer");
-
 
8
  header("X-Frame-Options: SAMEORIGIN");
-
 
9
  header("Set-Cookie: ^(.*)$ $1;HttpOnly;Secure");
-
 
10
  header("Content-Security-Policy:  default-src 'none'; img-src 'self'; script-src 'unsafe-inline'; style-src 'unsafe-inline';frame-ancestors 'self'");
-
 
11
}
-
 
12
 
3
 
13
if (isset($_GET["target"])) {
4
if (isset($_GET["target"])) {
14
 
5
 
15
    $location = base64_decode($_GET["target"]);
6
    $location = base64_decode($_GET["target"]);
16
    
7
    
17
    saveRedirect();
8
    saveRedirect();
18
    printHeader();
9
    printHeader();
19
    printMessage($location);
10
    printMessage($location);
20
    printFooter();
11
    printFooter();
21
    session_commit();    
-
 
22
    
12
    
23
    echo '<script type="text/javascript">setTimeout( function() { location.href="' . $location . '"; }, 250);</script>';
13
    echo '<script type="text/javascript">setTimeout( function() { location.href="' . $location . '"; }, 250);</script>';
24
 
14
 
25
    exit;
15
    exit;
26
 
16
 
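Review bot: The unchanged redirect line (new line 13) still writes `$location`, the base64-decoded `$_GET["target"]`, straight into an inline script string with no encoding and no check on where it points, so a crafted link can make the page emit script of the sender's choosing or forward visitors to an arbitrary site. Encode the value for the JavaScript context, e.g. `location.href=' . json_encode($location, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT) . ';`, and before printing reject anything whose `parse_url($location, PHP_URL_SCHEME)` is not `http` or `https`, or whose host is not one the site actually links to. Using `base64_decode($_GET["target"], true)` would also let a malformed parameter be refused. This revision also drops the whole response-header block (HSTS, nosniff, CSP, frame options) in favour of `include_once('php/dnsexit.php')`, whose contents are not visible here, so it is worth confirming those headers are still sent. The `if (isset($_GET["target"]))` block closes outside this hunk.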
Line 73... Line 63...
73
    ini_set("session.cookie_httponly", 1);
63
    ini_set("session.cookie_httponly", 1);
74
    ini_set("session.cookie_secure", 1);
64
    ini_set("session.cookie_secure", 1);
75
    session_set_save_handler($handler, true);
65
    session_set_save_handler($handler, true);
76
    @session_start();
66
    @session_start();
77
 
67
 
78
    $_sess_db = $handler->getDBSessionId();
68
    $_sess_db = MySessionHandler::getDBSessionId();
79
	    
69
	    
80
    $access = mysqli_real_escape_string($_sess_db, time());
70
    $access = mysqli_real_escape_string($_sess_db, time());
81
    $url = mysqli_real_escape_string($_sess_db, base64_decode($_GET["target"]));
71
    $url = mysqli_real_escape_string($_sess_db, base64_decode($_GET["target"]));
82
 
72
 
83
    $sql = "INSERT
73
    $sql = "INSERT