Context Navigation

source: branches/comu-ver2/data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php @ 17700

Visit:

Revision 17700, 9.9 KB checked in by takegami, 15 years ago (diff)
EC-CUBE2.3.1,2.3.2の脆弱性を修正 r17698,r17678,r17679,r17680,r17682,r17684,r17685
Property svn:eol-style set to `LF` Property svn:keywords set to `Id Revision Date` Property svn:mime-type set to `text/x-httpd-php`

Line
1	<?php
2	/*
3	* This file is part of EC-CUBE
4	*
5	* Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved.
6	*
7	* http://www.lockon.co.jp/
8	*
9	* This program is free software; you can redistribute it and/or
10	* modify it under the terms of the GNU General Public License
11	* as published by the Free Software Foundation; either version 2
12	* of the License, or (at your option) any later version.
13	*
14	* This program is distributed in the hope that it will be useful,
15	* but WITHOUT ANY WARRANTY; without even the implied warranty of
16	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17	* GNU General Public License for more details.
18	*
19	* You should have received a copy of the GNU General Public License
20	* along with this program; if not, write to the Free Software
21	* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22	*/
23
24	// {{{ requires
25	require_once(CLASS_PATH . "pages/LC_Page.php");
26
27	/**
28	* お届け先追加のページクラス.
29	*
30	* @package Page
31	* @author LOCKON CO.,LTD.
32	* @version $Id$
33	*/
34	class LC_Page_Mypage_DeliveryAddr extends LC_Page {
35
36	// }}}
37	// {{{ functions
38
39	/**
40	* Page を初期化する.
41	*
42	* @return void
43	*/
44	function init() {
45	parent::init();
46	$this->tpl_mainpage = TEMPLATE_DIR . 'mypage/delivery_addr.tpl';
47	$this->tpl_title = "お届け先の追加･変更";
48	$masterData = new SC_DB_MasterData_Ex();
49	$this->arrPref= $masterData->getMasterData("mtb_pref",
50	array("pref_id", "pref_name", "rank"));
51	$this->allowClientCache();
52	}
53
54	/**
55	* Page のプロセス.
56	*
57	* @return void
58	*/
59	function process() {
60	$objView = new SC_SiteView(false);
61	$objQuery = new SC_Query();
62	$objCustomer = new SC_Customer();
63	$ParentPage = MYPAGE_DELIVADDR_URL;
64
65	// GETでページを指定されている場合には指定ページに戻す
66	if (isset($_GET['page'])) {
67	$ParentPage = htmlspecialchars($_GET['page'],ENT_QUOTES);
68	}
69	$this->ParentPage = $ParentPage;
70
71	//ログイン判定
72	if (!$objCustomer->isLoginSuccess()){
73	SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
74	}
75
76	if (!isset($_POST['mode'])) $_POST['mode'] = "";
77	if (!isset($_GET['other_deliv_id'])) $_GET['other_deliv_id'] = "";
78
79	if ($_POST['mode'] == ""){
80	$_SESSION['other_deliv_id'] = $_GET['other_deliv_id'];
81	}
82
83	if ($_GET['other_deliv_id'] != ""){
84	//不正アクセス判定
85	$flag = $objQuery->count("dtb_other_deliv", "customer_id=? AND other_deliv_id=?", array($objCustomer->getValue("customer_id"), $_SESSION['other_deliv_id']));
86	if (!$objCustomer->isLoginSuccess() \|\| $flag == 0){
87	SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
88	}
89	}
90
91	//別のお届け先ＤＢ登録用カラム配列
92	$arrRegistColumn = array(
93	array( "column" => "name01", "convert" => "aKV" ),
94	array( "column" => "name02", "convert" => "aKV" ),
95	array( "column" => "kana01", "convert" => "CKV" ),
96	array( "column" => "kana02", "convert" => "CKV" ),
97	array( "column" => "zip01", "convert" => "n" ),
98	array( "column" => "zip02", "convert" => "n" ),
99	array( "column" => "pref", "convert" => "n" ),
100	array( "column" => "addr01", "convert" => "aKV" ),
101	array( "column" => "addr02", "convert" => "aKV" ),
102	array( "column" => "tel01", "convert" => "n" ),
103	array( "column" => "tel02", "convert" => "n" ),
104	array( "column" => "tel03", "convert" => "n" ),
105	);
106
107
108	if ($_GET['other_deliv_id'] != ""){
109	//別のお届け先情報取得
110	$arrOtherDeliv = $objQuery->select("*", "dtb_other_deliv", "other_deliv_id=? ", array($_SESSION['other_deliv_id']));
111	$this->arrForm = $arrOtherDeliv[0];
112	}
113
114	switch ($_POST['mode']) {
115	case 'edit':
116	$_POST = $this->lfConvertParam($_POST,$arrRegistColumn);
117	$this->arrErr = $this->lfErrorCheck($_POST);
118	if ($this->arrErr){
119	foreach ($_POST as $key => $val){
120	if ($val != "") $this->arrForm[$key] = $val;
121	}
122	} else {
123	//別のお届け先登録数の取得
124	$deliv_count = $objQuery->count("dtb_other_deliv", "customer_id=?", array($objCustomer->getValue('customer_id')));
125	if ($deliv_count < DELIV_ADDR_MAX or isset($_POST['other_deliv_id'])){
126	if(strlen($_POST['other_deliv_id'] != 0)){
127	$deliv_count = $objQuery->count("dtb_other_deliv","customer_id=? and other_deliv_id = ?" ,array($objCustomer->getValue('customer_id'), $_POST['other_deliv_id']));
128	if ($deliv_count == 0) {
129	SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
130	}else{
131	$this->lfRegistData($_POST,$arrRegistColumn, $objCustomer);
132	}
133	}else{
134	$this->lfRegistData($_POST,$arrRegistColumn, $objCustomer);
135	}
136	}
137	if( $_POST['ParentPage'] == MYPAGE_DELIVADDR_URL \|\| $_POST['ParentPage'] == URL_DELIV_TOP ){
138	$this->tpl_onload = "fnUpdateParent('". $this->getLocation($_POST['ParentPage']) ."'); window.close();";
139	}else{
140	SC_Utils_Ex::sfDispSiteError(CUSTOMER_ERROR);
141	}
142	}
143	break;
144	}
145
146	$objView->assignobj($this);
147	$objView->display($this->tpl_mainpage);
148	}
149
150	/**
151	* デストラクタ.
152	*
153	* @return void
154	*/
155	function destroy() {
156	parent::destroy();
157	}
158
159	/* エラーチェック */
160	function lfErrorCheck() {
161	$objErr = new SC_CheckError();
162
163	$objErr->doFunc(array("お名前（姓）", 'name01', STEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK","MAX_LENGTH_CHECK"));
164	$objErr->doFunc(array("お名前（名）", 'name02', STEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK", "MAX_LENGTH_CHECK"));
165	$objErr->doFunc(array("フリガナ（姓）", 'kana01', STEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK", "MAX_LENGTH_CHECK", "KANA_CHECK"));
166	$objErr->doFunc(array("フリガナ（名）", 'kana02', STEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK", "MAX_LENGTH_CHECK", "KANA_CHECK"));
167	$objErr->doFunc(array("郵便番号1", "zip01", ZIP01_LEN ) ,array("EXIST_CHECK", "NUM_CHECK", "NUM_COUNT_CHECK"));
168	$objErr->doFunc(array("郵便番号2", "zip02", ZIP02_LEN ) ,array("EXIST_CHECK", "NUM_CHECK", "NUM_COUNT_CHECK"));
169	$objErr->doFunc(array("郵便番号", "zip01", "zip02"), array("ALL_EXIST_CHECK"));
170	$objErr->doFunc(array("都道府県", 'pref'), array("SELECT_CHECK","NUM_CHECK"));
171	$objErr->doFunc(array("ご住所（1）", "addr01", MTEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK","MAX_LENGTH_CHECK"));
172	$objErr->doFunc(array("ご住所（2）", "addr02", MTEXT_LEN), array("EXIST_CHECK","SPTAB_CHECK","MAX_LENGTH_CHECK"));
173	$objErr->doFunc(array("お電話番号1", 'tel01'), array("EXIST_CHECK","NUM_CHECK"));
174	$objErr->doFunc(array("お電話番号2", 'tel02'), array("EXIST_CHECK","NUM_CHECK"));
175	$objErr->doFunc(array("お電話番号3", 'tel03'), array("EXIST_CHECK","NUM_CHECK"));
176	$objErr->doFunc(array("お電話番号", "tel01", "tel02", "tel03", TEL_LEN) ,array("TEL_CHECK"));
177	return $objErr->arrErr;
178
179	}
180
181	/* 登録実行 */
182	function lfRegistData($array, $arrRegistColumn, &$objCustomer) {
183	$objConn = new SC_DBConn();
184	foreach ($arrRegistColumn as $data) {
185	if (strlen($array[ $data["column"] ]) > 0) {
186	$arrRegist[ $data["column"] ] = $array[ $data["column"] ];
187	}
188	}
189
190	$arrRegist['customer_id'] = $objCustomer->getvalue('customer_id');
191
192	//-- 編集登録実行
193	$objConn->query("BEGIN");
194	if ($array['other_deliv_id'] != ""){
195	$objConn->autoExecute("dtb_other_deliv", $arrRegist,
196	"other_deliv_id = "
197	. SC_Utils_Ex::sfQuoteSmart($array["other_deliv_id"]));
198	}else{
199	$objConn->autoExecute("dtb_other_deliv", $arrRegist);
200	}
201	$objConn->query("COMMIT");
202	}
203
204	//----　取得文字列の変換
205	function lfConvertParam($array, $arrRegistColumn) {
206	/*
207	* 文字列の変換
208	* K : 「半角(ﾊﾝｶｸ)片仮名」を「全角片仮名」に変換
209	* C : 「全角ひら仮名」を「全角かた仮名」に変換
210	* V : 濁点付きの文字を一文字に変換。"K","H"と共に使用します
211	* n : 「全角」数字を「半角(ﾊﾝｶｸ)」に変換
212	* a : 全角英数字を半角英数字に変換する
213	*/
214	// カラム名とコンバート情報
215	foreach ($arrRegistColumn as $data) {
216	$arrConvList[ $data["column"] ] = $data["convert"];
217	}
218
219	// 文字変換
220	foreach ($arrConvList as $key => $val) {
221	// POSTされてきた値のみ変換する。
222	if(strlen(($array[$key])) > 0) {
223	$array[$key] = mb_convert_kana($array[$key] ,$val);
224	}
225	}
226	return $array;
227	}
228	}
229	?>

Note: See TracBrowser for help on using the repository browser.

Download in other formats: