issue 2775 if virtual site, check CSRF change

git-svn-id: http://xe-core.googlecode.com/svn/branches/luminous@12498 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-04-02 01:52:10 +09:00 · 2013-01-02 01:59:00 +00:00 · 2013-01-02 01:59:00 +00:00 · 95690a41b5
commit 95690a41b5
parent a1cd4df78e
1 changed files with 16 additions and 2 deletions
--- a/config/func.inc.php
+++ b/config/func.inc.php
@ -1141,9 +1141,23 @@
 		$defaultUrl = Context::getDefaultUrl();
 		$referer = parse_url($_SERVER["HTTP_REFERER"]);

-		if(!strstr($defaultUrl, $referer['host']))
+		$oModuleModel = &getModel('module');
+		$siteModuleInfo = $oModuleModel->getDefaultMid();
+
+		if($siteModuleInfo->site_srl === 0)
 		{
-			return false;
+			if(!strstr($defaultUrl, $referer['host']))
+			{
+				return false;
+			}
+		}
+		else
+		{
+			$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
+			if(!strstr($virtualSiteInfo->domain, $referer['host']))
+			{
+				return false;
+			}
 		}

 		return true;