Merge pull request #183 from nobuhiko/fix#122

fixed #122
EC-CUBE · Mar 15, 2018 · 023b777 · 023b777
2 parents c77b857 + 98f822f
commit 023b777
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/data/class/util/SC_Utils.php b/data/class/util/SC_Utils.php
@@ -188,12 +188,11 @@ public static function sfIsSuccess(SC_Session $objSess, $disp_error = true)
             // TODO 警告表示させる？
             // sfErrorHeader('>> referrerが無効になっています。');
         } else {
-            $domain  = SC_Utils_Ex::sfIsHTTPS() ? HTTPS_URL : HTTP_URL;
-            $pattern = sprintf('|^%s.*|', $domain);
-            $referer = $_SERVER['HTTP_REFERER'];
+            $domain  = parse_url(HTTP_URL);
+            $referer = parse_url($_SERVER['HTTP_REFERER']);
 
             // 管理画面から以外の遷移の場合はエラー画面を表示
-            if (!preg_match($pattern, $referer)) {
+            if ($domain['host'] !== $referer['host']) {
                 if ($disp_error) SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
                 return false;
             }