Index: branches/5.3.x/core/kernel/application.php
===================================================================
diff -u -N -r16111 -r16124
--- branches/5.3.x/core/kernel/application.php (.../application.php) (revision 16111)
+++ branches/5.3.x/core/kernel/application.php (.../application.php) (revision 16124)
@@ -1,6 +1,6 @@ GetVar('m_lang');
-
- if ( !$language_id ) {
- $language_id = 'default';
- }
-
- $this->SetVar('lang.current_id', $language_id);
- $this->SetVar('m_lang', $language_id);
-
- $lang_mode = $this->GetVar('lang_mode');
- $this->SetVar('lang_mode', '');
-
+ /** @var LanguagesItem $lang */
 $lang = $this->recallObject('lang.current');
- /* @var $lang kDBItem */
 if ( !$lang->isLoaded() || (!$this->isAdmin && !$lang->GetDBField('Enabled')) ) {
 if ( !defined('IS_INSTALL') ) {
 $this->ApplicationDie('Unknown or disabled language');
 }
 }
-
- $this->SetVar('lang_mode', $lang_mode);
 }
 /**
@@ -530,16 +516,8 @@
 return $path;
 }
- $theme_id = $this->GetVar('m_theme');
- if ( !$theme_id ) {
- $theme_id = 'default'; // $this->GetDefaultThemeId(1); // 1 to force front-end mode!
- }
-
- $this->SetVar('m_theme', $theme_id);
- $this->SetVar('theme.current_id', $theme_id); // KOSTJA: this is to fool theme' getPassedID
-
+ /** @var ThemeItem $theme */
 $theme = $this->recallObject('theme.current');
- /* @var $theme ThemeItem */
 if ( !$theme->isLoaded() || !$theme->GetDBField('Enabled') ) {
 return false;
@@ -1942,8 +1920,8 @@
 return;
 }
 else {
- if ( $this->GetVar('ajax') == 'yes' && $t != $this->GetVar('t') ) {
- // redirection to other then current template during ajax request
+ if ( $this->GetVar('ajax') == 'yes' && ($t != $this->GetVar('t') || !$this->isSOPSafe($location, $t)) ) {
+ // redirection to other then current template during ajax request OR SOP violation
 kUtil::safeDefine('DBG_SKIP_REPORTING', 1);
 echo '#redirect#' . $location;
 }
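Review bot: Nothing left in the theme hunk replaces the `m_theme` / `theme.current_id` request variables that the removed lines used to set before `recallObject('theme.current')` runs, so any other code that still reads `$this->GetVar('theme.current_id')` now depends on the theme object's own ID resolution having populated it, which this diff does not show. The removed `'default'` fallback was also the only thing guaranteeing a theme id on a request without `m_theme`; I would confirm that such a request still yields a loaded, enabled theme rather than falling into the `return false` below. Worth recording the new contract above the call, e.g. `// theme id (m_theme, else the default theme) is now resolved by ThemeItem itself — see its getPassedID()`, adjusting the method name if that is not where the logic moved. The enclosing function starts and ends outside this hunk.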
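Review bot: The new `!$this->isSOPSafe($location, $t)` condition only decides how the redirect is performed (HTTP `Location` versus the `#redirect#` marker the client acts on), not whether `$location` is a destination the application trusts, and it sends every URL that is not provably same-origin — including ones with no `http`/`https` scheme at all — down the client-side path. If `$location` can be influenced by request input (not visible here) and the JavaScript that consumes `#redirect#` assigns it to `window.location`, that is an open redirect and, for a `javascript:` scheme, script execution, whereas a `Location` header would have refused the latter. I would validate or whitelist `$location` before this point and make the division of responsibility explicit in the comment: `// isSOPSafe() only picks the redirect mechanism; $location must already be trusted here`. The enclosing function begins and ends outside the hunk.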
@@ -1978,6 +1956,34 @@
 }
 /**
+ * Determines if real redirect should be made within AJAX request.
+ *
+ * @param string $url Location.
+ * @param string $template Template.
+ *
+ * @return boolean
+ * @link http://en.wikipedia.org/wiki/Same-origin_policy
+ */
+ protected function isSOPSafe($url, $template)
+ {
+ $parsed_url = parse_url($url);
+
+ if ( $parsed_url['scheme'] . '://' != PROTOCOL ) {
+ return false;
+ }
+
+ if ( $parsed_url['host'] != SERVER_NAME ) {
+ return false;
+ }
+
+ if ( defined('PORT') && isset($parsed_url['port']) && $parsed_url['port'] != PORT ) {
+ return false;
+ }
+
+ return true;
+ }
+
+ /**
 * Returns translation of given label
 *
 * @param string $label
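Review bot: `isSOPSafe()` reads `$parsed_url['scheme']` and `$parsed_url['host']` unguarded, so a relative `$url` or one that `parse_url()` rejects (it returns `false`) raises undefined-index / array-offset notices before the comparison happens to yield `false`; the fail-closed outcome is the right one, but it should be explicit rather than a side effect of a missing key. The port check fires only when both the URL and `PORT` carry an explicit port, so `http://host/path` is accepted as same-origin even when the application is served from a non-default `PORT`; an omitted port should be normalised to the scheme default (80/443) on both sides, assuming `PORT`, whenever defined, reflects the real listening port. `$template` is declared and documented but never read, so either drop it from the signature and the caller or note why it is kept. The guard and the port normalisation below replace the body's first and last checks.

```php
		$parsed_url = parse_url($url);

		// Fail closed: a URL parse_url() cannot decompose, or one without both a
		// scheme and a host (i.e. relative), is not provably same-origin.
		if ( $parsed_url === false || !isset($parsed_url['scheme'], $parsed_url['host']) ) {
			return false;
		}

		// … unchanged: scheme and host comparisons …

		// Compare effective ports: an omitted port means the scheme default, so
		// "http://host/" against a server listening on PORT=8080 is a different origin.
		$default_port = $parsed_url['scheme'] == 'https' ? 443 : 80;
		$url_port = isset($parsed_url['port']) ? (int)$parsed_url['port'] : $default_port;
		$own_port = defined('PORT') ? (int)PORT : $default_port;

		if ( $url_port !== $own_port ) {
			return false;
		}

		return true;
```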