|
@@ -48,6 +48,7 @@ class Common(object):
|
|
|
|
|
|
self.referer = self.request.headers.get("Referer")
|
|
|
self.host = Demeter.host(self.data['site']['link'])
|
|
|
+ uri = self.request.protocol + "://" + self.request.host + self.request.uri
|
|
|
|
|
|
if not self.referer:
|
|
|
self.out('验证失败')
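Review bot: The added `uri` is assembled from `self.request.protocol` and `self.request.host`, which reflect the scheme and Host header as this process received them, not necessarily the address the browser used. The next hunk (`if self.referer == uri:`) compares it to the Referer with exact string equality, so behind a TLS-terminating proxy, or with any difference in port, case or fragment, the two strings may never match and the check silently does nothing. Comparing parsed components (`urllib.parse.urlsplit`) against a configured base URL would be more reliable, and a comment such as `# reject requests whose Referer is this same URL` would record the intent. Referer is a client-supplied header, so these checks are best documented as a deterrent, with the signature as the actual control. The enclosing method starts and ends outside the hunk.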
|
|
@@ -55,6 +56,9 @@ class Common(object):
|
|
|
if self.host != Demeter.host(self.referer):
|
|
|
self.out('验证失败')
|
|
|
|
|
|
+ if self.referer == uri:
|
|
|
+ self.out('验证失败')
|
|
|
+
|
|
|
|
|
|
self.param = self.service.signature(self.data['site']['id'], appid, self.data['site']['appsecret'], timestamp, nonce, file, file_id, uid, status)
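Review bot: Nothing visible here shows that `self.out('验证失败')` stops the handler, so after the new `if self.referer == uri:` branch (and the two existing ones) execution may still reach `self.service.signature(...)`. With a missing Referer that would also mean `Demeter.host(self.referer)` is called with `None`. If `out` only writes the response, add `return` after each call; otherwise a short comment stating that `out` ends the request would make this safe to read. All three rejections emit the same text, which is reasonable for the client, but a server-side log line naming the failed check (for example `missing referer`, `host mismatch`, `self referer`) would make these rejections usable for detection. The method body continues outside the hunk.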
|
|
|
|
|
@@ -279,7 +283,7 @@ class view_path(Load):
|
|
|
url = url + '/main/view?path=' + str(path) + '&file=' + file['key'] + '&file_id=' + file_id + '×tamp=' + timestamp + '&nonce=' + nonce + '&appid=' + appid + '&signature=' + signature + '&uid=' + uid + '&page='
|
|
|
content = content.replace('data-page-url="', 'data-page-url="' + url)
|
|
|
|
|
|
- script = script + '<script>document.domain="'+self.host+'";</script>'
|
|
|
+ script = '<script>document.domain="'+self.host+'";</script>'
|
|
|
content = content.replace('</body>', script + '</body>')
|
|
|
|
|
|
style = '<style>body{zoom:100%;}#page-container{background-color: white;background-image: none;overflow: hidden;}#sidebar{background-color: white;background-image: none;}.pf{margin-top:0px;margin-bottom:0px;border:0px solid #bababa;box-shadow:none}</style>'
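Review bot: On the changed line `self.host` is concatenated into an inline `<script>` with no escaping or validation, so a quote or `</script>` sequence in the stored site link would change the emitted script. `Demeter.host` is not shown, so it is unclear whether it guarantees a bare hostname. Checking the value against a strict hostname pattern (letters, digits, dots, hyphens) before building `script`, and skipping the injection on mismatch, would close that. Separately, setting `document.domain` relaxes the same-origin boundary for every page under that parent domain, and the setter is deprecated and disabled by default in recent Chromium-based browsers. If the embedding page only needs to talk to this view, `postMessage` with an explicit origin check is the supported route.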
|