merge from 1.5.3.2 (r12460 ~ r12482)

git-svn-id: http://xe-core.googlecode.com/svn/branches/luminous@12491 201d5d3c-b55e-5fd7-737f-ddc643e51545
2026-04-02 01:52:10 +09:00 · 2012-12-28 02:34:15 +00:00 · 2012-12-28 02:34:15 +00:00 · a1cd4df78e
commit a1cd4df78e
parent 09ff5b94ac d03f045f02
2 changed files with 33 additions and 0 deletions
--- a/config/func.inc.php
+++ b/config/func.inc.php
@ -1131,6 +1131,24 @@
 		}
 	}

+	function checkCSRF()
+	{
+		if($_SERVER['REQUEST_METHOD'] != 'POST')
+		{
+			return false;
+		}
+
+		$defaultUrl = Context::getDefaultUrl();
+		$referer = parse_url($_SERVER["HTTP_REFERER"]);
+
+		if(!strstr($defaultUrl, $referer['host']))
+		{
+			return false;
+		}
+
+		return true;
+	}
+
 	/**
 	 * Print raw html header
 	 *