Changeset 15056 for branches/beta/html/frontparts
- Timestamp:
- 2007/07/18 10:17:57 (17 years ago)
- File:
-
- 1 edited
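--- a/branches/beta/html/frontparts/login_check.php
+++ b/branches/beta/html/frontparts/login_check.php
@@ -6,4 +6,10 @@
 */
 require_once("../require.php");
+
+// ÉÔÀµ¤ÊURL¤¬POST¤µ¤ì¤¿¾ì¹ç¤Ï¥¨¥é¡¼É½¼¨
+if (isset($_POST['url']) && lfIsValidURL() !== true) {
+gfPrintLog('invalid access :login_check.php $POST["url"]=' . $_POST['url']);
+sfDispSiteError(PAGE_ERROR);
+}
 
 $objCustomer = new SC_Customer();
@@ -22,5 +28,4 @@
 $arrErr = $objFormParam->checkError();
 $arrForm = $objFormParam->getHashArray();
-
 // ¥¯¥Ã¥¡¼ÊݸȽÄê
 if ($arrForm['login_memory'] == "1" && $arrForm['login_email'] != "") {
@@ -73,3 +78,24 @@
 $objFormParam->addParam("¥Ñ¥¹¥ï¡¼¥É", "login_pass", STEXT_LEN, "", array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
 }
+
+/* POST¤µ¤ì¤ëURL¤Î¥Á¥§¥Ã¥¯*/
+function lfIsValidURL() {
+$site_url = sfIsHTTPS() ? SSL_URL : SITE_URL;
+$check_url = trim($_POST['url']);
+
+// ¥É¥á¥¤¥ó¥Á¥§¥Ã¥¯
+$pattern = "|^$site_url|";
+if (!preg_match($pattern, $check_url)) {
+return false;
+}
+
+// ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¥Á¥§¥Ã¥¯
+$pattern = '/\r|\n|\0|%0D|%0A|%00/';
+if (preg_match_all($pattern, $check_url, $matches)) {
+return false;
+}
+
+return true;
+}
+
 ?>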
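Review bot: The domain check in lfIsValidURL() interpolates `$site_url` into the pattern unescaped and only as a prefix match, so `.` in the configured URL matches any character and, unless SITE_URL/SSL_URL end in `/` (not visible here), a URL on a different host that merely begins with the same string is accepted. I would build the pattern as `$pattern = '|^' . preg_quote($site_url, '|') . '|';` and also require a path separator or end of string right after the prefix. The CR/LF/NUL pattern is case-sensitive, so the lower-case encodings `%0d` and `%0a` are not rejected; the `i` modifier (`'/\r|\n|\0|%0D|%0A|%00/i'`) covers them. In the first hunk, gfPrintLog() is handed the raw `$_POST['url']` on exactly the path where it may contain line breaks, so unless gfPrintLog() already neutralises control characters the value should be encoded or stripped before it is written to the log.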