From 3614cef84a38c4847852e957df417f00a2cbc242 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Mon, 15 Feb 2016 20:15:27 +0900
Subject: [PATCH 1/2] Modify checkCSRF() to always allow requests from the same hostname
---
 common/legacy.php | 64 +++++++++++++++++++++++++++++------------------
 1 file changed, 40 insertions(+), 24 deletions(-)
diff --git a/common/legacy.php b/common/legacy.php
index f43b17e0d..c2184e77e 100644
--- a/common/legacy.php
+++ b/common/legacy.php
@@ -1342,42 +1342,58 @@ function requirePear()
 */
 function checkCSRF()
 {
- if($_SERVER['REQUEST_METHOD'] != 'POST')
+ // If this is not a POST request, FAIL.
+ if ($_SERVER['REQUEST_METHOD'] != 'POST')
 {
- return FALSE;
+ return false;
 }
-
+
+ // Get the referer. If the referer is empty, PASS.
+ $referer = strval($_SERVER['HTTP_REFERER']);
+ if ($referer === '')
+ {
+ return true;
+ }
+ if (strpos($referer, 'xn--') !== false)
+ {
+ $referer = Context::decodeIdna($referer);
+ }
+ $referer_host = parse_url($referer, PHP_URL_HOST);
+
+ // If the referer is the same domain as the current host, PASS.
+ $current_host = $_SERVER['HTTP_HOST'];
+ if (strpos($current_host, 'xn--') !== false)
+ {
+ $current_host = Context::decodeIdna($current_host);
+ }
+ if ($referer_host === $current_host)
+ {
+ return true;
+ }
+
+ // If the referer is the same domain as the default URL, PASS.
 $default_url = Context::getDefaultUrl();
- $referer = $_SERVER["HTTP_REFERER"];
-
- if(strpos($default_url, 'xn--') !== FALSE && strpos($referer, 'xn--') === FALSE)
+ if (strpos($default_url, 'xn--') !== false)
 {
- $referer = Context::encodeIdna($referer);
+ $default_url = Context::decodeIdna($default_url);
 }
-
- $default_url = parse_url($default_url);
- $referer = parse_url($referer);
-
+ if ($referer_host === parse_url($default_url, PHP_URL_HOST))
+ {
+ return true;
+ }
+
+ // Check if we have a virtual site with a matching domain.
 $oModuleModel = getModel('module');
 $siteModuleInfo = $oModuleModel->getDefaultMid();
-
- if($siteModuleInfo->site_srl == 0)
+ $virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
+ if (strcasecmp($virtualSiteInfo->domain, Context::get('vid')) && stristr($virtualSiteInfo->domain, $referer_host))
 {
- if($default_url['host'] !== $referer['host'])
- {
- return FALSE;
- }
+ return true;
 }
 else
 {
- $virtualSiteInfo = $oModuleModel->getSiteInfo($siteModuleInfo->site_srl);
- if(strtolower($virtualSiteInfo->domain) != strtolower(Context::get('vid')) && !strstr(strtolower($virtualSiteInfo->domain), strtolower($referer['host'])))
- {
- return FALSE;
- }
+ return false;
 }
-
- return TRUE;
 }
 
 /**
From 19469a7b0d43913f0577e8323331c738ccf720b6 Mon Sep 17 00:00:00 2001
From: Kijin Sung
Date: Mon, 15 Feb 2016 20:16:03 +0900
Subject: [PATCH 2/2] After changing the default URL, redirect to new default URL
---
 modules/admin/admin.admin.controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/modules/admin/admin.admin.controller.php b/modules/admin/admin.admin.controller.php
index 09580f1d8..8d6e8cd1a 100644
--- a/modules/admin/admin.admin.controller.php
+++ b/modules/admin/admin.admin.controller.php
@@ -690,7 +690,7 @@ class adminAdminController extends admin Rhymix\Framework\Config::save(); $this->setMessage('success_updated'); - $this->setRedirectUrl(Context::get('success_return_url') ?: getNotEncodedUrl('', 'act', 'dispAdminConfigAdvanced')); + $this->setRedirectUrl(Context::get('success_return_url') ?: $default_url . 'index.php?act=dispAdminConfigAdvanced'); } /**
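Review bot: The new `if ($referer === '') { return true; }` makes checkCSRF() fail open on a missing Referer, which the removed code effectively rejected (an empty referer never matched the default host); since the header is optional and routinely stripped by browsers and proxies, this branch should `return false` unless a session-bound token check covers the same request. `strval($_SERVER['HTTP_REFERER'])` also raises an undefined-index notice when the header is absent; read it as `isset($_SERVER['HTTP_REFERER']) ? strval($_SERVER['HTTP_REFERER']) : ''`. The comparison `$referer_host === $current_host` cannot match on a non-default port, because `$_SERVER['HTTP_HOST']` carries `host:port` while `parse_url(..., PHP_URL_HOST)` strips it, and both sides should be lowercased before a strict comparison. Finally, the rewritten virtual-site condition is not the negation of the removed one (the old code passed when the domain equalled `vid` or the referer host was a substring; the new one passes only when the domain differs from `vid` and the host is a substring), and `stristr` accepts any referer host that is merely contained in the configured domain, so `strcasecmp($virtualSiteInfo->domain, $referer_host) === 0` would be the safer test.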
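Review bot: The new redirect target `$default_url . 'index.php?act=dispAdminConfigAdvanced'` assumes `$default_url` ends with a slash; if the normalisation earlier in this method (outside the hunk) does not guarantee that, the result is `hostindex.php`. Building it as `rtrim($default_url, '/') . '/index.php?act=dispAdminConfigAdvanced'` removes that dependency. The `?:` fallback still passes `Context::get('success_return_url')` to setRedirectUrl() unchanged, so unless that request-supplied value is restricted to the site's own host elsewhere in the method, the redirect target remains caller-controlled. The enclosing method starts outside the hunk.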