source: branches/version-2/data/Smarty/templates/default/products/review.tpl @ 17383

Revision 17383, 4.8 KB checked in by satou, 12 years ago (diff)

#314 商品レビュー投稿フォームの脆弱性対策を施しました。

  • Property svn:eol-style set to LF
  • Property svn:mime-type set to text/html; charset=UTF-8
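<!--{*
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2008 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */
 *}-->
<!--{*
 * Product review entry form (popup window).
 *
 * Posts back to the current script with mode=confirm, carrying the product id
 * and a transaction id in hidden fields.
 *
 * Output-encoding convention for this template: every value that can originate
 * from the request ($arrForm.*, PHP_SELF, the transaction id) goes through
 * |escape before it is written into markup or an attribute.
 *
 * NOTE(review): the $arrErr.* messages are emitted without |escape; presumably
 * they are built server-side and may carry markup. Confirm they never embed raw
 * request values.
 *}-->
<!--{include file="`$smarty.const.TEMPLATE_DIR`popup_header.tpl" subtitle="お客様の声書き込み(入力ページ)"}-->

  <div id="windowarea">
    <h2><img src="<!--{$TPL_DIR}-->img/products/review_title.jpg" width="500" height="40" alt="お客様の声書き込み" /></h2>
    <p class="windowtext">以下の商品について、お客様のご意見、ご感想をどしどしお寄せください。<br />
      「<span class="attention">※</span>」印は入力必須項目です。<br />
       ご入力後、一番下の「確認ページへ」ボタンをクリックしてください。</p>
    <form name="form1" method="post" action="<!--{$smarty.server.PHP_SELF|escape}-->">
      <input type="hidden" name="mode" value="confirm" />
      <!--{* product_id is re-echoed from the form array, so it is escaped like the other
             $arrForm fields; a non-numeric value must not be able to close the attribute. *}-->
      <input type="hidden" name="product_id" value="<!--{$arrForm.product_id|escape}-->" />
      <!--{* Transaction id: presumably the anti-forgery token compared by the handler on
             submit (confirm server-side). Escaped for consistency with the rest of the form. *}-->
      <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid|escape}-->" />
      <table summary="お客様の声書き込み">
        <tr>
          <th>商品名</th>
          <td><!--{$arrForm.name|escape}--></td>
        </tr>
        <!--{* maxlength on the inputs below is a browser-side hint only; the length limits
               still have to be enforced by the server-side validation. *}-->
        <tr>
          <th>投稿者名<span class="attention">※</span></th>
          <td><span class="attention"><!--{$arrErr.reviewer_name}--></span><input type="text" name="reviewer_name" value="<!--{$arrForm.reviewer_name|escape}-->" maxlength="<!--{$smarty.const.STEXT_LEN}-->" style="<!--{$arrErr.reviewer_name|sfGetErrorColor}-->" size="40" class="box350" /></td>
        </tr>
        <tr>
          <th>ホームページアドレス</th>
          <!--{* |escape covers this attribute context only. NOTE(review): wherever the URL is
                 later rendered as a link, its scheme needs its own validation. *}-->
          <td><span class="attention"><!--{$arrErr.reviewer_url}--></span><input type="text" name="reviewer_url" value="<!--{$arrForm.reviewer_url|escape}-->" maxlength="<!--{$smarty.const.MTEXT_LEN}-->" style="<!--{$arrErr.reviewer_url|sfGetErrorColor}-->" size="40" class="box350" /></td>
        </tr>
        <tr>
          <th>性別</th>
          <td>
            <input type="radio" name="sex" id="man" value="1" <!--{if $arrForm.sex eq 1}--> checked="checked"<!--{/if}--> /><label for="man">男性</label>&nbsp;
            <input type="radio" name="sex" id="woman" value="2" <!--{if $arrForm.sex eq 2}--> checked="checked"<!--{/if}--> /><label for="woman">女性</label>
          </td>
        </tr>
        <tr>
          <th>おすすめレベル<span class="attention">※</span></th>
          <td>
            <span class="attention"><!--{$arrErr.recommend_level}--></span>
            <select name="recommend_level" style="<!--{$arrErr.recommend_level|sfGetErrorColor}-->">
              <option value="" selected="selected">選択してください</option>
                <!--{html_options options=$arrRECOMMEND selected=$arrForm.recommend_level}-->
            </select>
          </td>
        </tr>
        <tr>
          <th>タイトル<span class="attention">※</span></th>
          <td>
            <span class="attention"><!--{$arrErr.title}--></span>
            <input type="text" name="title" value="<!--{$arrForm.title|escape}-->" maxlength="<!--{$smarty.const.STEXT_LEN}-->" style="<!--{$arrErr.title|sfGetErrorColor}-->" size="40" class="box350" />
          </td>
        </tr>
        <tr>
          <th>コメント<span class="attention">※</span></th>
          <td>
            <span class="attention"><!--{$arrErr.comment}--></span>
            <textarea name="comment" cols="50" rows="10" style="<!--{$arrErr.comment|sfGetErrorColor}-->" class="area350"><!--{$arrForm.comment|escape}--></textarea>
          </td>
        </tr>
      </table>
      <div class="btn">
        <input type="image" onmouseover="chgImgImageSubmit('<!--{$TPL_DIR}-->img/common/b_confirm_on.gif',this)" onmouseout="chgImgImageSubmit('<!--{$TPL_DIR}-->img/common/b_confirm.gif',this)" src="<!--{$TPL_DIR}-->img/common/b_confirm.gif" class="box150" alt="確認ページへ" name="conf" id="conf" />
      </div>
    </form>
  </div>

<!--{include file="`$smarty.const.TEMPLATE_DIR`popup_footer.tpl"}-->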