fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-05-09 12:02:24 +09:00
Code Issues Projects Releases Packages Wiki Activity

issue 2775 if virtual site, check CSRF change

Browse source 
git-svn-id: http://xe-core.googlecode.com/svn/branches/luminous@12498 201d5d3c-b55e-5fd7-737f-ddc643e51545
This commit is contained in:
ovclas 2013-01-02 01:59:00 +00:00
parent a1cd4df78e
commit 95690a41b5
1 changed files with 16 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

18
config/func.inc.php
View file

@ -1141,9 +1141,23 @@
$defaultUrl = Context::getDefaultUrl(); $defaultUrl = Context::getDefaultUrl();
$referer = parse_url($_SERVER["HTTP_REFERER"]); $referer = parse_url($_SERVER["HTTP_REFERER"]);
if(!strstr($defaultUrl, $referer['host'])) $oModuleModel = &getModel('module');
$siteModuleInfo = $oModuleModel->getDefaultMid();
if($siteModuleInfo->site_srl === 0)
{ {
return false; if(!strstr($defaultUrl, $referer['host']))
{
return false;
}
}
else
{
$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
if(!strstr($virtualSiteInfo->domain, $referer['host']))
{
return false;
}
} }
return true; return true;