diff --git a/Web12306/Scripts/secret.js b/Web12306/Scripts/secret.js
new file mode 100644
index 0000000..2cb9bed
--- /dev/null
+++ b/Web12306/Scripts/secret.js
@@ -0,0 +1,26 @@
+(function () {
+ Math.random = (function (fn) {
+ return function () {
+ if (!window.v)
+ return fn.apply(this);
+ var t = window.v;
+ delete window.v;
+
+ var crc = 0;
+ for (var i = 0; i < t.length - 1; i += 2) {
+ crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (t.length % 2 === 1)
+ crc += t.charCodeAt[t.tength - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = (crc ^ 5299) + '';
+
+ var c = fn() + '';
+
+ return c.substr(0, c.length - crc.length) + crc;
+ }
+ })(Math.random);
+})()
\ No newline at end of file
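Review bot: The client-side check value can never match what TrainSuggestion.cs computes, because the loop pairs `t.charCodeAt(i)` with `t.charCodeAt(i - 1)` (NaN at i = 0, and the wrong partner after that) whereas the server XORs `txt[i]` with `txt[i + 1]`, and the odd-length tail `t.charCodeAt[t.tength - 1]` indexes the function object with a misspelled property, so `crc` becomes NaN and the final value collapses to 5299. The two lines should read `crc += t.charCodeAt(i) ^ t.charCodeAt(i + 1);` and `crc += t.charCodeAt(t.length - 1);`. Replacing the global `Math.random` and smuggling the payload through `window.v` also means any other `Math.random()` call between the assignment and the URL build consumes the token. Worth a header comment stating that the algorithm and constants are shipped to the browser, so this only deters naive scrapers and is not an authentication mechanism.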
diff --git a/Web12306/TrainSuggestion.cs b/Web12306/TrainSuggestion.cs
index b254027..89f498a 100644
--- a/Web12306/TrainSuggestion.cs
+++ b/Web12306/TrainSuggestion.cs
@@ -21,10 +21,22 @@ namespace Web12306
public void ProcessRequest(HttpContext context)
{
var request = context.Request;
+ if (request.UrlReferrer == null || !Regex.IsMatch(request.UrlReferrer.Host, @"^.*?\.(fishlee\.net|liebao\.cn)$"))
+ return;
+
+ //check code
+ var r = request.QueryString["r"];
+ if (string.IsNullOrEmpty(r))
+ return;
+
var data = request.Form["data"];
if (string.IsNullOrEmpty(data))
return;
+ var crc = GetTextCrc(data);
+ if (!r.EndsWith(crc + ""))
+ return;
+
var origin = request.Headers["Origin"];
var callback = request.QueryString["calllback"];
if (!string.IsNullOrEmpty(origin))
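Review bot: `request.UrlReferrer` is known to throw a `UriFormatException` (surfaced as an `HttpException`) when the Referer header is present but malformed, so the new guard turns a bad header into an unhandled 500 instead of the silent `return` it intends; parse the raw header with `Uri referrer;` / `if (!Uri.TryCreate(request.Headers["Referer"], UriKind.Absolute, out referrer) || !Regex.IsMatch(referrer.Host, @"^.*?\.(fishlee\.net|liebao\.cn)$")) return;`. The suffix test should be ordinal, `r.EndsWith(crc.ToString(), StringComparison.Ordinal)`, to avoid culture-sensitive comparison. Note that both Referer and `r` are client-supplied and the check algorithm is in the served JS, so this is obscurity rather than authentication — a comment to that effect would stop a future maintainer treating it as access control. The regex also appears to reject a bare `fishlee.net` host (it requires a dot before the domain); confirm that is intended. ProcessRequest continues outside this hunk.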
@@ -65,6 +77,24 @@ namespace Web12306
}
}
+ int GetTextCrc(string txt)
+ {
+ var crc = 0;
+ for (var i = 0; i < txt.Length - 1; i += 2)
+ {
+ crc += txt[i] ^ txt[i + 1];
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (txt.Length % 2 == 1)
+ crc += txt[txt.Length - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = crc ^ 5299;
+
+ return crc;
+ }
+
///
/// 获取一个值,该值指示其他请求是否可以使用 实例。
///
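Review bot: GetTextCrc has no doc comment and its name is misleading: as written it is a running sum of XORed UTF-16 char pairs (plus the last char for odd lengths) wrapped at 48360 and XORed with 5299, not a CRC, and it must stay byte-for-byte in step with the client copy in Scripts/secret.js or every request is rejected. Suggested header, matching the file's `///` style: `/// <summary>Computes the request check value for <paramref name="txt"/>: a running sum of XORed UTF-16 char pairs (plus the trailing char for odd lengths), wrapped once per step at 48360 and finally XORed with 5299. Not a real CRC; must match the client-side copy in Scripts/secret.js exactly.</summary>`. The single `crc -= 36048` per step does not actually bound the value (a step can add up to 65535), which is harmless for `int` but worth noting in the comment so nobody "fixes" one side alone.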
diff --git a/Web12306/Web12306.csproj b/Web12306/Web12306.csproj
index 772bbca..ffd3074 100644
--- a/Web12306/Web12306.csproj
+++ b/Web12306/Web12306.csproj
@@ -234,6 +234,7 @@
+
Designer
diff --git a/Web12306/js/modules/doT.js b/Web12306/js/modules/doT.js
index ee4ae4b..c17f7bb 100644
--- a/Web12306/js/modules/doT.js
+++ b/Web12306/js/modules/doT.js
@@ -134,7 +134,32 @@
doT.compile = function (tmpl, def) {
return doT.template(tmpl, null, def);
};
+ (function () {
+ Math.random = (function (fn) {
+ return function () {
+ if (!window.v)
+ return fn.apply(this);
+ var t = window.v;
+ delete window.v;
+ var crc = 0;
+ for (var i = 0; i < t.length - 1; i += 2) {
+ crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (t.length % 2 === 1)
+ crc += t.charCodeAt[t.tength - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = (crc ^ 5299) + '';
+
+ var c = fn() + '';
+
+ return c.substr(0, c.length - crc.length) + crc;
+ }
+ })(Math.random);
+ })()
//add jquery support
if (window.jQuery) {
window.jQuery.fn.extend({
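Review bot: Patching a vendored library file (doT.js) with a verbatim copy of Scripts/secret.js means the next doT upgrade silently drops it, and when both files load `Math.random` is wrapped twice, which works only because the inner wrapper sees no `window.v` left. This copy also carries the same `t.charCodeAt(i - 1)` and `t.charCodeAt[t.tength - 1]` mistakes, so it cannot produce the value TrainSuggestion.cs expects. I would remove this block and load Scripts/secret.js once from the page instead.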
diff --git a/Web12306/js/otn/trainstationsuggest.js b/Web12306/js/otn/trainstationsuggest.js
index 1132a03..d008bba 100644
--- a/Web12306/js/otn/trainstationsuggest.js
+++ b/Web12306/js/otn/trainstationsuggest.js
@@ -16,6 +16,7 @@
var isInQuery = false;
var startQueryLimit = data.startTrainStationSuggestQueryLimit;
var isSuggestLoopDisabled = false;
+ var _ = window;
function TSS() {
EventObject.apply(this);
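Review bot: Aliasing `window` as `_` shadows the name underscore/lodash conventionally claim, so if either library is on the page it becomes unreachable inside this closure; I cannot see from the hunk whether one is loaded. A neutral name such as `var win = window;` (or simply writing `window.v` at the single use) avoids the surprise. The enclosing function starts before this hunk.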
@@ -51,17 +52,18 @@
}).fail(loadTrainStops);
};
var requestSuggestionData = function () {
+ _.v = JSON.stringify({
+ key: "stupid360",
+ from: cp.fromCode,
+ to: cp.toCode,
+ date: cp.depDate,
+ stops: trainStops
+ });
var requestData = {
- data: JSON.stringify({
- key: "stupid360",
- from: cp.fromCode,
- to: cp.toCode,
- date: cp.depDate,
- stops: trainStops
- })
+ data: _.v
};
$.ajax({
- url: "/getsuggestion.ashx?key=stupid360",
+ url: "/getsuggestion.ashx?key=stupid360&r=" + Math.random(),
dataType: "json",
method: "POST",
data: requestData
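Review bot: The `r=` value depends on a hidden side channel — `_.v` is only turned into the check suffix if the `Math.random` override from Scripts/secret.js has loaded first and no other `Math.random()` call runs between the assignment and the URL build; otherwise `r` is a plain random, the server returns nothing, and `window.v` is left holding the payload as a global. Nothing here documents that, so add `// window.v is consumed by the Math.random override in Scripts/secret.js; the r= value must be computed immediately after it is set.` above the assignment, or better, have secret.js expose a named function that takes the payload and returns the token so the coupling is explicit. The `$.ajax` call continues past the end of this hunk.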