Timestamp:
2007/07/18 10:17:57 (17 years ago)
Author:
adati
Message:

relブランチのマージ(r12156-r15055)

File:
1 edited

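--- a/branches/beta/html/frontparts/login_check.php
+++ b/branches/beta/html/frontparts/login_check.php
@@ -6,4 +6,10 @@
 */
 require_once("../require.php");
+
+// ÉÔÀµ¤ÊURL¤¬POST¤µ¤ì¤¿¾ì¹ç¤Ï¥¨¥é¡¼É½¼¨
+if (isset($_POST['url']) && lfIsValidURL() !== true) {
+    gfPrintLog('invalid access :login_check.php $POST["url"]=' . $_POST['url']);
+    sfDispSiteError(PAGE_ERROR);
+}
 
 $objCustomer = new SC_Customer();
@@ -22,5 +28,4 @@
     $arrErr = $objFormParam->checkError();
     $arrForm =  $objFormParam->getHashArray();
-    
     // ¥¯¥Ã¥­¡¼ÊݸȽÄê
     if ($arrForm['login_memory'] == "1" && $arrForm['login_email'] != "") {
@@ -73,3 +78,24 @@
     $objFormParam->addParam("¥Ñ¥¹¥ï¡¼¥É", "login_pass", STEXT_LEN, "", array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
 }
+
+/* POST¤µ¤ì¤ëURL¤Î¥Á¥§¥Ã¥¯*/
+function lfIsValidURL() {
+    $site_url  = sfIsHTTPS() ? SSL_URL : SITE_URL;
+    $check_url = trim($_POST['url']);
+    
+    // ¥É¥á¥¤¥ó¥Á¥§¥Ã¥¯
+    $pattern = "|^$site_url|";
+    if (!preg_match($pattern, $check_url)) {
+        return false;
+    }
+
+    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¥Á¥§¥Ã¥¯
+    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
+    if (preg_match_all($pattern, $check_url, $matches)) {
+        return false;
+    }
+    
+    return true;
+}
+
 ?>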
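Review bot: In lfIsValidURL the domain check `$pattern = "|^$site_url|";` interpolates SITE_URL/SSL_URL into the regex unescaped, so every `.` in the configured host matches any byte, and because it is only a prefix match a value such as `http://example.com.evil.tld/` (or anything that merely begins with the site URL, if SITE_URL carries no trailing slash) still passes the check the caller relies on before sfDispSiteError. The CR/LF/NULL pattern on the following lines is case-sensitive, so an encoded `%0d`/`%0a` slips through the newline check. I would write `$pattern = '|^' . preg_quote($site_url, '|') . '|';` and `$pattern = '/\r|\n|\0|%0D|%0A|%00/i';`, and consider comparing the `parse_url()` scheme and host against the configured site rather than a string prefix. Separately, the new block at the top of the file logs the raw `$_POST['url']` through gfPrintLog before rejecting it, so a value carrying a newline reaches the log unfiltered; lfIsValidURL itself is complete within this section.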