Index: branches/rel/data/lib/slib.php
===================================================================
--- branches/rel/data/lib/slib.php	(revision 13588)
+++ branches/rel/data/lib/slib.php	(revision 14950)
@@ -341,5 +341,5 @@
 			$objPage->tpl_error="¤³¤Î¥Õ¥¡¥¤¥ë¤Ë¤Ï¥¢¥¯¥»¥¹¸¢¸Â¤¬¤¢¤ê¤Þ¤»¤ó¡£<br />¤â¤¦°ìÅÙ¤´³ÎÇ§¤Î¤¦¤¨¡¢ºÆÅÙ¥í¥°¥¤¥ó¤·¤Æ¤¯¤À¤µ¤¤¡£";
 			break;
-		case PAGE_ERROR:
+		case INVALID_MOVE_ERRORR:
 			$objPage->tpl_error="ÉÔÀµ¤Ê¥Ú¡¼¥¸°ÜÆ°¤Ç¤¹¡£<br />¤â¤¦°ìÅÙ¤´³ÎÇ§¤Î¤¦¤¨¡¢ºÆÅÙÆþÎÏ¤·¤Æ¤¯¤À¤µ¤¤¡£";
 			break;
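Review bot: The new case label `INVALID_MOVE_ERRORR` carries a doubled R; it is spelled the same way at the call site in the second hunk, so it is consistent today, but the typo will propagate to every future caller and is cheap to fix now as `case INVALID_MOVE_ERROR:` together with the constant's definition and the one caller, which this diff does not show. Removing the `PAGE_ERROR` case also means any remaining caller that passes PAGE_ERROR now lands in whatever default branch this switch has, which is outside the hunk and should be confirmed. The enclosing switch begins and ends outside the hunk.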
@@ -474,5 +474,37 @@
 		return false;
 	}
-	return true;		
+    // ¥ê¥Õ¥¡¥é¡¼¥Á¥§¥Ã¥¯(CSRF¤Î»ÃÄêÅª¤ÊÂÐºö)
+    // ¡Ö¥ê¥Õ¥¡¥éÌµ¡× ¤Î¾ì¹ç¤Ï¥¹¥ë¡¼
+    // ¡Ö¥ê¥Õ¥¡¥éÍ­¡× ¤«¤Ä ¡Ö´ÉÍý²èÌÌ¤«¤é¤ÎÁ«°Ü¤Ç¤Ê¤¤¡× ¾ì¹ç¤Ë¥¨¥é¡¼²èÌÌ¤òÉ½¼¨¤¹¤ë
+    if ( empty($_SERVER['HTTP_REFERER']) ) {
+        // ·Ù¹ðÉ½¼¨¤µ¤»¤ë¡©
+        // sfErrorHeader('>> referrer¤¬Ìµ¸ú¤Ë¤Ê¤Ã¤Æ¤¤¤Þ¤¹¡£');
+    } else {
+        $domain  = sfIsHTTPS() ? SSL_URL : SITE_URL;
+        $pattern = sprintf('|^%s.*|', $domain . 'admin/');
+        $referer = $_SERVER['HTTP_REFERER'];
+
+        // ´ÉÍý²èÌÌ¤«¤é°Ê³°¤ÎÁ«°Ü¤Î¾ì¹ç¤Ï¥¨¥é¡¼²èÌÌ¤òÉ½¼¨
+        if (!preg_match($pattern, $referer)) {
+            if ($disp_error) sfDispError(INVALID_MOVE_ERRORR);
+            return false;
+        }
+    }
+    return true;
+}
+
+/**
+ * HTTPS¤«¤É¤¦¤«¤òÈ½Äê
+ * 
+ * @return bool
+ */
+function sfIsHTTPS () {
+    // HTTPS»þ¤Ë¤Ï$_SERVER['HTTPS']¤Ë¤Ï¶õ¤Ç¤Ê¤¤ÃÍ¤¬Æþ¤ë
+    // $_SERVER['HTTPS'] != 'off' ¤ÏIISÍÑ
+    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') {
+        return true;
+    } else {
+        return false;
+    }
 }
 
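Review bot: The Referer check returns true whenever `$_SERVER['HTTP_REFERER']` is empty, so the added protection only applies when a referer happens to be present, which is a client-side choice; the commented-out `sfErrorHeader` on the empty branch suggests the author knew this, and the hunk's own comment calls it provisional, so a per-session token verified on the admin form posts should be the primary control with this check kept as defence in depth. Separately, `$domain . 'admin/'` is interpolated into the PCRE pattern without quoting, so the dots in the host part match any character; use `$pattern = sprintf('|^%s|', preg_quote($domain . 'admin/', '|'));` (the trailing `.*` adds nothing to a prefix match). In `sfIsHTTPS`, `$_SERVER['HTTPS'] != 'off'` is a loose comparison and would read more safely as `!== 'off'`. The function containing the referer check starts outside the hunk.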
