Changeset 14990


Ignore:
Timestamp:
2007/06/28 16:46:22 (13 years ago)
Author:
adati
Message:

CSRF対策:sfIsValidTransition()の追加、画面遷移の正当性をチェックする

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/rel/data/lib/slib.php

    r14950 r14990  
    465465 
    466466/* ǧ¾Ú¤Î²ÄÈÝȽÄê */ 
    467 function sfIsSuccess($objSess, $disp_error = true) {  
     467function sfIsSuccess($objSess, $disp_error = true) { 
    468468    $ret = $objSess->IsSuccess(); 
    469469    if($ret != SUCCESS) { 
     
    503503    // $_SERVER['HTTPS'] != 'off' ¤ÏIISÍÑ 
    504504    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off') { 
     505        return true; 
     506    } else { 
     507        return false; 
     508    } 
     509} 
     510 
     511/** 
     512 *  Àµµ¬¤ÎÁ«°Ü¤¬¤µ¤ì¤Æ¤¤¤ë¤«¤òȽÄê 
     513 *  Á°²èÌ̤Çuniqid¤òËä¤á¹þ¤ó¤Ç¤ª¤¯É¬Íפ¬¤¢¤ë 
     514 *  @param  obj  SC_Session, SC_SiteSession 
     515 *  @return bool 
     516 */ 
     517function sfIsValidTransition($objSess) { 
     518    // Á°²èÌ̤«¤éPOST¤µ¤ì¤ëuniqid¤¬Àµ¤·¤¤¤â¤Î¤«¤É¤¦¤«¤ò¥Á¥§¥Ã¥¯ 
     519    $uniqid = $objSess->getUniqId(); 
     520    if ( !empty($_POST['uniqid']) && ($_POST['uniqid'] === $uniqid) ) { 
    505521        return true; 
    506522    } else { 
Note: See TracChangeset for help on using the changeset viewer.