From 88ba24077caa75cfbbb5852651767195cbb62715 Mon Sep 17 00:00:00 2001
From: iFish
Date: Sat, 30 Aug 2014 23:22:48 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=B9=E5=BB=BA=E8=AE=AE=E5=8A=A0=E4=B8=8A?=
 =?UTF-8?q?=E7=AE=80=E5=8D=95=E7=9A=84=E9=89=B4=E6=9D=83?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Web12306/Scripts/secret.js | 26 ++++++++++++++++++++++
 Web12306/TrainSuggestion.cs | 30 ++++++++++++++++++++++++++
 Web12306/Web12306.csproj | 1 +
 Web12306/js/modules/doT.js | 25 +++++++++++++++++++++
 Web12306/js/otn/trainstationsuggest.js | 18 +++++++++-------
 5 files changed, 92 insertions(+), 8 deletions(-)
 create mode 100644 Web12306/Scripts/secret.js
diff --git a/Web12306/Scripts/secret.js b/Web12306/Scripts/secret.js
new file mode 100644
index 0000000..2cb9bed
--- /dev/null
+++ b/Web12306/Scripts/secret.js
@@ -0,0 +1,26 @@
+(function () {
+ Math.random = (function (fn) {
+ return function () {
+ if (!window.v)
+ return fn.apply(this);
+ var t = window.v;
+ delete window.v;
+
+ var crc = 0;
+ for (var i = 0; i < t.length - 1; i += 2) {
+ crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (t.length % 2 === 1)
+ crc += t.charCodeAt[t.tength - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = (crc ^ 5299) + '';
+
+ var c = fn() + '';
+
+ return c.substr(0, c.length - crc.length) + crc;
+ }
+ })(Math.random);
+})()
\ No newline at end of file
diff --git a/Web12306/TrainSuggestion.cs b/Web12306/TrainSuggestion.cs
index b254027..89f498a 100644
--- a/Web12306/TrainSuggestion.cs
+++ b/Web12306/TrainSuggestion.cs
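Review bot: The suffix this wrapper appends can never match the server, because the loop XORs `t.charCodeAt(i) ^ t.charCodeAt(i - 1)` while GetTextCrc in TrainSuggestion.cs pairs `txt[i] ^ txt[i + 1]`; at i = 0 the client reads index -1 (NaN, coerced to 0 by `^`), so every request signed with this file is rejected. The odd-length branch is broken as well: `t.charCodeAt[t.tength - 1]` indexes the function object with a misspelled property name and yields `undefined`, which turns `crc` into NaN so that `(NaN ^ 5299)` is always `5299`. The two lines should read `crc += t.charCodeAt(i) ^ t.charCodeAt(i + 1);` and `crc += t.charCodeAt(t.length - 1);`. Beyond the bugs, every constant here ships to the browser, so this is obfuscation rather than authentication, and replacing the global `Math.random` changes behaviour for every other caller on the page; a named helper such as `window.signSuggestionRequest(t)` would avoid both the hidden channel through `window.v` and the global patch.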
@@ -21,10 +21,22 @@ namespace Web12306
 public void ProcessRequest(HttpContext context)
 {
 var request = context.Request;
+ if (request.UrlReferrer == null || !Regex.IsMatch(request.UrlReferrer.Host, @"^.*?\.(fishlee\.net|liebao\.cn)$"))
+ return;
+
+ //check code
+ var r = request.QueryString["r"];
+ if (string.IsNullOrEmpty(r))
+ return;
+
 var data = request.Form["data"];
 if (string.IsNullOrEmpty(data))
 return;
+ var crc = GetTextCrc(data);
+ if (!r.EndsWith(crc + ""))
+ return;
+
 var origin = request.Headers["Origin"];
 var callback = request.QueryString["calllback"];
 if (!string.IsNullOrEmpty(origin))
@@ -65,6 +77,24 @@ namespace Web12306
 }
 }
+
+ int GetTextCrc(string txt)
+ {
+ var crc = 0;
+ for (var i = 0; i < txt.Length - 1; i += 2)
+ {
+ crc += txt[i] ^ txt[i + 1];
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (txt.Length % 2 == 1)
+ crc += txt[txt.Length - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = crc ^ 5299;
+
+ return crc;
+ }
+
 ///
 /// 获取一个值,该值指示其他请求是否可以使用 实例。
 ///
diff --git a/Web12306/Web12306.csproj b/Web12306/Web12306.csproj
index 772bbca..ffd3074 100644
--- a/Web12306/Web12306.csproj
+++ b/Web12306/Web12306.csproj
@@ -234,6 +234,7 @@
+ Designer
diff --git a/Web12306/js/modules/doT.js b/Web12306/js/modules/doT.js
index ee4ae4b..c17f7bb 100644
--- a/Web12306/js/modules/doT.js
+++ b/Web12306/js/modules/doT.js
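Review bot: The Referer test added at the top of ProcessRequest is not an access control: the header is chosen by the client, so any scripted caller can send `Referer: http://www.fishlee.net/`, while genuine browsers that omit it (an HTTPS page calling an HTTP handler, privacy extensions, a restrictive Referrer-Policy) are turned away. The pattern `^.*?\.(fishlee\.net|liebao\.cn)$` also rejects the bare apex host and is case-sensitive although hostnames are not; `Regex.IsMatch(request.UrlReferrer.Host, @"^(.+\.)?(fishlee\.net|liebao\.cn)$", RegexOptions.IgnoreCase)` is closer to the intent. Each early `return` leaves an empty HTTP 200, which hides rejections from both the caller and the logs; set `context.Response.StatusCode = 403;` before returning. `r.EndsWith(crc + "")` only inspects the last few characters of a client-chosen string, so it adds nothing beyond what GetTextCrc itself provides, and GetTextCrc has no secret input. ProcessRequest continues past the end of the hunk.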
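Review bot: GetTextCrc takes no secret, so anyone who reads the shipped JavaScript can compute the same value; it proves that the caller ran the same arithmetic, not that the request came from your pages, and a keyed MAC (an HMACSHA256 over `data` with a server-side key, or a per-session nonce issued with the page) is what the commit's stated 鉴权 actually requires. As written, the pairing `txt[i] ^ txt[i + 1]` also disagrees with the client wrapper in this commit, which XORs index i with i - 1, so the comparison in ProcessRequest fails for every genuine request; this side is the sensible form, so the JS is what should change. The method is undocumented — a summary along the lines of `/// Folds the UTF-16 code units of txt pairwise with XOR into a bounded int; must stay in sync with Scripts/secret.js.` would make the cross-file coupling explicit. Note that the result can be short (e.g. `5299 ^ 5299` is 0), and the caller compares it as a string suffix, so the effective check space is small.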
@@ -134,7 +134,32 @@ doT.compile = function (tmpl, def) {
 return doT.template(tmpl, null, def);
 };
+ (function () {
+ Math.random = (function (fn) {
+ return function () {
+ if (!window.v)
+ return fn.apply(this);
+ var t = window.v;
+ delete window.v;
+ var crc = 0;
+ for (var i = 0; i < t.length - 1; i += 2) {
+ crc += t.charCodeAt(i) ^ t.charCodeAt(i - 1);
+ if (crc > 48360)
+ crc -= 36048;
+ }
+ if (t.length % 2 === 1)
+ crc += t.charCodeAt[t.tength - 1];
+ if (crc > 48360)
+ crc -= 36048;
+ crc = (crc ^ 5299) + '';
+
+ var c = fn() + '';
+
+ return c.substr(0, c.length - crc.length) + crc;
+ }
+ })(Math.random);
+ })()
 //add jquery support
 if (window.jQuery) {
 window.jQuery.fn.extend({
diff --git a/Web12306/js/otn/trainstationsuggest.js b/Web12306/js/otn/trainstationsuggest.js
index 1132a03..d008bba 100644
--- a/Web12306/js/otn/trainstationsuggest.js
+++ b/Web12306/js/otn/trainstationsuggest.js
@@ -16,6 +16,7 @@
 var isInQuery = false;
 var startQueryLimit = data.startTrainStationSuggestQueryLimit;
 var isSuggestLoopDisabled = false;
+ var _ = window;
 function TSS() {
 EventObject.apply(this);
@@ -51,17 +52,18 @@
 }).fail(loadTrainStops);
 };
 var requestSuggestionData = function () {
+ _.v = JSON.stringify({
+ key: "stupid360",
+ from: cp.fromCode,
+ to: cp.toCode,
+ date: cp.depDate,
+ stops: trainStops
+ });
 var requestData = {
- data: JSON.stringify({
- key: "stupid360",
- from: cp.fromCode,
- to: cp.toCode,
- date: cp.depDate,
- stops: trainStops
- })
+ data: _.v
 };
 $.ajax({
- url: "/getsuggestion.ashx?key=stupid360",
+ url: "/getsuggestion.ashx?key=stupid360&r=" + Math.random(),
 dataType: "json",
 method: "POST",
 data: requestData
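Review bot: The Math.random wrapper added after doT.compile is a verbatim copy of Scripts/secret.js pasted into a vendored template library, carrying the same two defects (`t.charCodeAt(i - 1)` where the server pairs i with i + 1, and `t.charCodeAt[t.tength - 1]`, which evaluates to `undefined` and makes `crc` NaN). If both files are loaded the global is wrapped twice, and any future update of doT.js would presumably drop this copy unnoticed; keep the wrapper in secret.js only and remove it here. Hiding the check inside a library file does not make it harder to find — a search for `window.v` or `5299` locates it immediately — so the duplication buys nothing.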
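Review bot: requestSuggestionData now hands the request body to the signer through the global `window.v` (via the `_` alias), which is fragile: any `Math.random()` call that runs between the assignment and the `url:` expression — another script, a library, an overlapping call of this function — consumes or clobbers the value, and if the patched Math.random is not installed `window.v` is presumably never cleared and `r` carries no suffix, so the server rejects the request. The constant `key=stupid360` in the URL and the body's `key` field are likewise shipped in the page and give no authentication. An explicit helper removes the hidden channel: `var body = JSON.stringify({ ... });` then `url: "/getsuggestion.ashx?key=stupid360&r=" + signRequest(body),` with `signRequest` exported from secret.js instead of patching Math.random. The enclosing requestSuggestionData function and the `$.ajax` call continue past the end of the hunk.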