Changeset 15035 for branches/rel/data/Smarty/templates/shopping/confirm.tpl

Timestamp:

2007/07/10 22:12:44 (17 years ago)

Author:

adati

Message:

任意のドライブおよび、フォルダの画像ファイル等にアクセスが可能な脆弱性を修正

File:

• branches/rel/data/Smarty/templates/shopping/confirm.tpl (modified) (1 diff)

branches/rel/data/Smarty/templates/shopping/confirm.tpl

@@ -46 +46 @@
                         <td align="center">
                             <a href="<!--{$smarty.server.PHP_SELF|escape}-->" onclick="win01('../products/detail_image.php?product_id=<!--{$arrProductsClass[cnt].product_id}-->&image=main_image','detail_image','<!--{$arrProductsClass[cnt].tpl_image_width}-->','<!--{$arrProductsClass[cnt].tpl_image_height}-->'); return false;" target="_blank">
-                                <img src="<!--{$smarty.const.SITE_URL}-->resize_image.php?image=<!--{$smarty.const.IMAGE_SAVE_DIR}-->/<!--{$arrProductsClass[cnt].main_list_image}-->&width=65&height=65" alt="<!--{$arrProductsClass[cnt].name|escape}-->">
+                                <img src="<!--{$smarty.const.SITE_URL}-->resize_image.php?image=<!--{$arrProductsClass[cnt].main_list_image}-->&width=65&height=65" alt="<!--{$arrProductsClass[cnt].name|escape}-->">
                             </a>
                         </td>