<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2010 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */

// {{{ requires
// Base page class and the GD thumbnail helper. Both paths are built from the
// *_REALDIR constants, which are defined elsewhere in the bootstrap.
require_once CLASS_REALDIR . "pages/LC_Page.php";
require_once DATA_REALDIR . "module/gdthumb.php";

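/**
 * Page class that serves a resized image.
 *
 * The image name comes from $_GET['image'] and is appended directly to
 * IMAGE_SAVE_REALDIR; the target size comes from $_GET['width'] and
 * $_GET['height']. The resolved path is handed to gdthumb::Main(). When no
 * acceptable image is named, NO_IMAGE_REALDIR is served instead.
 *
 * @package Page
 * @author LOCKON CO.,LTD.
 * @version $Id$
 */
class LC_Page_ResizeImage extends LC_Page {

    // }}}
    // {{{ functions

    /**
     * Initialise the page.
     *
     * @return void
     */
    function init() {
        parent::init();
    }

    /**
     * Process the request: resolve the image path and emit the thumbnail.
     *
     * Because the path is IMAGE_SAVE_REALDIR . $_GET['image'], the request
     * parameter must not be able to escape that directory; lfCheckFileName()
     * is the only guard between the request and the filesystem.
     *
     * @return void
     */
    function process() {
        $objThumb = new gdthumb();

        $file = NO_IMAGE_REALDIR;

        // Only a scalar string can name a file. "?image[]=x" arrives as an
        // array, which strlen()/strpos() must not be handed.
        $image = '';
        if (isset($_GET['image']) && is_string($_GET['image'])) {
            $image = $_GET['image'];
        }

        // Anything other than NO_IMAGE_REALDIR is validated before use.
        if (strlen($image) >= 1 && $image !== NO_IMAGE_REALDIR) {

            // Set $file only when the name is well-formed and names a regular file.
            if (!$this->lfCheckFileName($image)) {
                // NOTE(review): the raw parameter goes into the log line; whether
                // gfPrintLog() neutralises CR/LF is not visible from this file.
                GC_Utils_Ex::gfPrintLog('invalid access :resize_image.php $_GET["image"]=' . $image);
            }
            // is_file() rather than file_exists(): a name such as "." resolves to
            // the save directory itself, which exists but must not be thumbnailed.
            else if (is_file(IMAGE_SAVE_REALDIR . $image)) {
                $file = IMAGE_SAVE_REALDIR . $image;
            }
        }

        // NOTE(review): width/height are passed through untouched; whether
        // gdthumb::Main() bounds them is not visible here.
        $objThumb->Main($file, $_GET["width"], $_GET["height"], "", true);
    }

    /**
     * Destructor.
     *
     * @return void
     */
    function destroy() {
        parent::destroy();
    }

    /**
     * Check that a requested file name cannot leave IMAGE_SAVE_REALDIR.
     *
     * The name is concatenated onto IMAGE_SAVE_REALDIR without normalisation,
     * so every way of naming a parent directory is refused, not only the
     * "./" sequence the previous pattern matched:
     *   - ".."  any parent reference, including a bare ".." (the parent
     *           directory itself) and "..\" on Windows hosts;
     *   - "./"  a redundant current-directory segment;
     *   - "\"   a path separator on Windows;
     *   - NUL   truncates the path inside C-level file functions.
     * A legitimate name that happens to contain ".." is refused too; that is
     * an accepted trade-off for a deny-list that is easy to reason about.
     *
     * @param string|null $file name to check; defaults to $_GET["image"]
     * @return bool true when the name may be used, false otherwise
     */
    function lfCheckFileName($file = null) {
        if ($file === null) {
            $file = isset($_GET["image"]) ? $_GET["image"] : '';
        }
        // Arrays and other non-strings never name a file.
        if (!is_string($file)) {
            return false;
        }
        // A blank name would resolve to the save directory itself.
        if (trim($file) === '') {
            return false;
        }
        // Deny-list of byte sequences that can escape or truncate the path.
        $forbidden = array('..', './', '\\', "\0");
        foreach ($forbidden as $sequence) {
            if (strpos($file, $sequence) !== false) {
                return false;
            }
        }
        return true;
    }
}
// No closing "?>": this page emits binary image data, so nothing may leak
// after the PHP block.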