Consistently use new domain system for URL::isInternalUrl() and checkCSRF()

Kijin Sung 2017-03-04 22:09:45 +09:00
parent f1608ad3a9
commit af7309b807
3 changed files with 6 additions and 23 deletions


@ -310,10 +310,10 @@ class Security
if (!$referer) if (!$referer)
{ {
$referer = strval($_SERVER['HTTP_REFERER']); $referer = strval($_SERVER['HTTP_REFERER']);
if ($referer === '') }
{ if (strval($referer) === '')
return true; {
} return true;
} }
return URL::isInternalURL($referer); return URL::isInternalURL($referer);
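Review bot: The relocated empty-Referer branch (`if (strval($referer) === '')` followed by `return true;`) still makes the CSRF check fail open: a request that carries no Referer header is accepted without ever reaching `URL::isInternalURL()`. A missing Referer is not evidence that the request is same-site, so for state-changing requests this branch should fall back to another signal, such as the `Origin` header or a per-session token, and return false when none is present. Separately, `strval($_SERVER['HTTP_REFERER'])` reads a key that is unset whenever the header is missing; `isset($_SERVER['HTTP_REFERER']) ? strval($_SERVER['HTTP_REFERER']) : ''` avoids the notice. The function begins and ends outside this hunk, so any request-method or token check made before these lines is not visible here.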


@ -1051,24 +1051,7 @@ function requirePear()
*/ */
function checkCSRF() function checkCSRF()
{ {
// Use Rhymix Security class first. return Rhymix\Framework\Security::checkCSRF();
if (Rhymix\Framework\Security::checkCSRF())
{
return true;
}
// Check if we have a virtual site with a matching domain.
$oModuleModel = getModel('module');
$siteModuleInfo = $oModuleModel->getDefaultMid();
$virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
if (strcasecmp($virtualSiteInfo->domain, Context::get('vid')) && stristr($virtualSiteInfo->domain, $referer_host))
{
return true;
}
else
{
return false;
}
} }
/** /**


@ -97,7 +97,7 @@ class moduleModel extends module
$domain = Rhymix\Framework\URL::getDomainFromURL($domain); $domain = Rhymix\Framework\URL::getDomainFromURL($domain);
if ($domain === false) if ($domain === false)
{ {
return null; return false;
} }
} }
if (strpos($domain, 'xn--') !== false) if (strpos($domain, 'xn--') !== false)
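Review bot: Returning `false` instead of `null` for an unparseable domain changes what callers see on failure, and nothing in the hunk documents the new contract; the enclosing function starts and ends outside it. Any caller that tests the result with `isset()`, `!== null` or `is_null()` would now read the failure as a found site. That matters if this lookup feeds the internal-URL decision used by the CSRF check, a dependency inferred from the commit title and not visible here. I would add `// false: domain could not be parsed; callers must compare with === false` above the `return false;` and confirm that the function's other return paths use the same failure value.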