Timestamp:
2007/07/11 12:53:23 (17 years ago)
Author:
adati
Message:

不正アクセス時にログをとるように修正

File:
1 edited

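--- a/branches/rel/html/resize_image.php
+++ b/branches/rel/html/resize_image.php
@@ -5,4 +5,5 @@
 
 require_once($include_dir . HTML2DATA_DIR. "lib/gdthumb.php");
+require_once($include_dir . HTML2DATA_DIR. "lib/glib.php");
 require_once($include_dir . HTML2DATA_DIR. "conf/conf.php");
 
@@ -14,10 +15,10 @@
 if ( isset($_GET['image']) && $_GET['image'] !== NO_IMAGE_DIR) {
 
-    //ÉÔÀµ¤Ê¥Õ¥¡¥¤¥ë̾¤¬ÅϤµ¤ì¤¿¾ì¹ç¤Ï½ªÎ»¤µ¤»¤ë
-    if ( lfCheckFileName() !== true ) {
-        exit();
+    // ¥Õ¥¡¥¤¥ë̾¤¬Àµ¤·¤¤¾ì¹ç¤À¤±¡¢$file¤òÀßÄê
+    if ( lfCheckFileName() === true ) {
+        $file = IMAGE_SAVE_DIR . $_GET['image'];
+    } else {
+        gfPrintLog('invalid access :resize_image.php $_GET["image"]=' . $_GET['image']);
     }
-
-    $file = IMAGE_SAVE_DIR . $_GET['image'];
 }
 
@@ -31,5 +32,5 @@
 function lfCheckFileName() {
     //$pattern = '|^[0-9]+_[0-9a-z]+\.[a-z]{3}$|';
-    $pattern = '|\.\./|';
+    $pattern = '|\./|';
     $file    = trim($_GET["image"]);
     if ( preg_match_all($pattern, $file, $matches) ) {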
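Review bot: The new `else` branch in the second hunk writes the raw, request-supplied `$_GET['image']` into the log and then lets the script continue, where the old code called `exit()`. The logged value should be stripped of control characters and length-capped so one request cannot forge or flood log lines, e.g. `gfPrintLog('invalid access :resize_image.php image=' . substr(preg_replace('/[\x00-\x1f\x7f]/', '', (string)$_GET['image']), 0, 255));`. What `$file` holds on the rejected path depends on code outside the hunks (old lines 9-13 and everything after line 23 are not shown); unless it is initialised to a safe default there, keep `exit();` after the log call. In the third hunk, `lfCheckFileName()` still tests `trim($_GET["image"])` against a `./` blocklist while the path is built from the untrimmed value; the commented-out allowlist pattern one line above would be the tighter check. That function's body continues past the end of the hunk, so its return paths could not be reviewed.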