<?php
// Self-disclosure switch: any request carrying a `source` query parameter gets
// the highlighted source of index.php, followed by an "(EOF)" marker and a rule.
// Execution continues afterwards, so the header checks below still run and
// their output is appended to the listing.
// NOTE(review): everything in index.php is readable by anyone through this
// switch, so the file must never hold credentials, keys or internal paths.
if (isset($_GET['source'])) {
    // show_source() is an alias of highlight_file(); the output is identical.
    highlight_file('index.php');
    print '(EOF)<hr>';
}
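// Read the request headers and require Sec-Fetch-Dest. A request without it is
// refused outright, so the framing check further down never sees a missing value.
$headers = getallheaders();
if (!is_array($headers)) {
    // An unreadable header set is handled like a missing header (fail closed).
    $headers = [];
}

// HTTP field names are case-insensitive and HTTP/2 carries them in lower case,
// so an exact-case array key lookup can miss a header the browser did send.
// Match the name case-insensitively; the value is kept exactly as received.
$dest = null;
foreach ($headers as $name => $value) {
    if (strcasecmp((string) $name, 'Sec-Fetch-Dest') === 0) {
        $dest = $value;
        break;
    }
}

if ($dest === null) {
    exit("This does not appear to be a valid browser request.\n");
}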
// Framing protection: refuse the request when the browser reports that the
// response is destined for an embedding element. Keys are Sec-Fetch-Dest
// values, values are the refusal text sent as the whole response body.
// NOTE(review): this is a denylist, so any destination not named here is
// served; an allowlist of expected destinations would be stricter.
// NOTE(review): Sec-Fetch-Dest is only sent by browsers that implement Fetch
// Metadata. Treat this as a complement to X-Frame-Options or CSP
// frame-ancestors response headers, not a replacement for them.
// NOTE(review): the response differs by request header, so a shared cache in
// front of this page would need `Vary: Sec-Fetch-Dest`. Confirm the deployment.
$forbidden_destinations = [
    'iframe' => "This page can not be embedded via iframe elements.\n",
    'object' => "This page can not be embedded via object elements.\n",
    'embed' => "This page can not be embedded via embed elements.\n",
    'fencedframe' => "Sorry, but fencedframs are not a thing.\n",
    'frame' => "Wow, the 90s called and want their frames back. No can do, friend.\n"
];

// Look the destination up once; a hit ends the request with its message.
$refusal = $forbidden_destinations[$dest] ?? null;
if ($refusal !== null) {
    exit($refusal);
}
?>
🎈<?php
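// Debug switch: a `debug` query parameter dumps the parsed request headers.
// Header names and values come from the client, so the dump is HTML-escaped
// before being written into the page; unescaped, a header value containing
// markup would be interpreted by the browser.
// NOTE(review): the dump includes every request header, which can cover
// Cookie and Authorization values. Consider redacting those or gating this
// switch before using the page anywhere that carries real sessions.
if (isset($_GET['debug'])) {
    echo "<pre>";
    echo htmlspecialchars(print_r($headers, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}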
?>
(EOF)
This does not appear to be a valid browser request.