From af7309b807f05130b4188e92f70f9ddd792cf712 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Sat, 4 Mar 2017 22:09:45 +0900
Subject: [PATCH] Consistently use new domain system for URL::isInternalUrl() and checkCSRF()
---
 common/framework/security.php | 8 ++++----
 common/legacy.php | 19 +------------------
 modules/module/module.model.php | 2 +-
 3 files changed, 6 insertions(+), 23 deletions(-)
diff --git a/common/framework/security.php b/common/framework/security.php
index f0eb05fb3..751a8c4b0 100644
--- a/common/framework/security.php
+++ b/common/framework/security.php
@@ -310,10 +310,10 @@ class Security
 if (!$referer)
 {
 $referer = strval($_SERVER['HTTP_REFERER']);
- if ($referer === '')
- {
- return true;
- }
+ }
+ if (strval($referer) === '')
+ {
+ return true;
 }

 return URL::isInternalURL($referer);
diff --git a/common/legacy.php b/common/legacy.php
index a976c5a6f..f41ef8d9d 100644
--- a/common/legacy.php
+++ b/common/legacy.php
@@ -1051,24 +1051,7 @@ function requirePear()
 */
 function checkCSRF()
 {
- // Use Rhymix Security class first.
- if (Rhymix\Framework\Security::checkCSRF())
- {
- return true;
- }
-
- // Check if we have a virtual site with a matching domain.
- $oModuleModel = getModel('module');
- $siteModuleInfo = $oModuleModel->getDefaultMid();
- $virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
- if (strcasecmp($virtualSiteInfo->domain, Context::get('vid')) && stristr($virtualSiteInfo->domain, $referer_host))
- {
- return true;
- }
- else
- {
- return false;
- }
+ return Rhymix\Framework\Security::checkCSRF();
 }

 /**
diff --git a/modules/module/module.model.php b/modules/module/module.model.php
index f6a3e633e..2c0863e22 100644
--- a/modules/module/module.model.php
+++ b/modules/module/module.model.php
@@ -97,7 +97,7 @@ class moduleModel extends module
 $domain = Rhymix\Framework\URL::getDomainFromURL($domain);
 if ($domain === false)
 {
- return null;
+ return false;
 }
 }
 if (strpos($domain, 'xn--') !== false)
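Review bot: In the `common/framework/security.php` hunk an empty Referer still returns `true`, so a request that carries no Referer header passes the check, and with the legacy `checkCSRF()` now delegating here this is the only gate visible in the patch. Browsers omit the header under a `no-referrer` policy, so its absence is not evidence of a same-site origin. Unless a token or request-method check sits in the part of the function outside this hunk, consider failing closed for state-changing requests, or at least record the decision with a comment such as `// No Referer: allowed for compatibility; state-changing actions must also verify a CSRF token`. Separately, `$_SERVER['HTTP_REFERER']` is read without an existence check and raises a notice when the header is absent; `isset($_SERVER['HTTP_REFERER']) ? strval($_SERVER['HTTP_REFERER']) : ''` avoids that.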
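Review bot: In the `modules/module/module.model.php` hunk the failure value for an unparseable domain changes from `null` to `false`, but the enclosing method starts and ends outside the hunk, so its docblock and other return paths cannot be checked here. Any caller that tests the result with `=== null` or `is_null()` would now read the failure as a usable result. That matters if this lookup feeds the domain matching behind `URL::isInternalURL()`, which the commit title suggests but the hunk does not show. The docblock should name `false` as the failure value on its `@return` line, and the remaining return paths and callers should be confirmed to agree.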