Changeset 15037 for branches/rel/html/resize_image.php
- Timestamp:
- 2007/07/11 12:53:23 (17 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
branches/rel/html/resize_image.php
r15035 r15037 5 5 6 6 require_once($include_dir . HTML2DATA_DIR. "lib/gdthumb.php"); 7 require_once($include_dir . HTML2DATA_DIR. "lib/glib.php"); 7 8 require_once($include_dir . HTML2DATA_DIR. "conf/conf.php"); 8 9 … … 14 15 if ( isset($_GET['image']) && $_GET['image'] !== NO_IMAGE_DIR) { 15 16 16 //ÉÔÀµ¤Ê¥Õ¥¡¥¤¥ë̾¤¬ÅϤµ¤ì¤¿¾ì¹ç¤Ï½ªÎ»¤µ¤»¤ë 17 if ( lfCheckFileName() !== true ) { 18 exit(); 17 // ¥Õ¥¡¥¤¥ë̾¤¬Àµ¤·¤¤¾ì¹ç¤À¤±¡¢$file¤òÀßÄê 18 if ( lfCheckFileName() === true ) { 19 $file = IMAGE_SAVE_DIR . $_GET['image']; 20 } else { 21 gfPrintLog('invalid access :resize_image.php $_GET["image"]=' . $_GET['image']); 19 22 } 20 21 $file = IMAGE_SAVE_DIR . $_GET['image'];22 23 } 23 24 … … 31 32 function lfCheckFileName() { 32 33 //$pattern = '|^[0-9]+_[0-9a-z]+\.[a-z]{3}$|'; 33 $pattern = '|\. \./|';34 $pattern = '|\./|'; 34 35 $file = trim($_GET["image"]); 35 36 if ( preg_match_all($pattern, $file, $matches) ) {
Note: See TracChangeset
for help on using the changeset viewer.