Index: /branches/rel/html/input_zip.php
===================================================================
--- /branches/rel/html/input_zip.php (revision 12157)
+++ /branches/rel/html/input_zip.php (revision 15313)
@@ -56,4 +56,5 @@
// ͹ÊØÈֹ椬ȯ¸«¤µ¤ì¤¿¾ì¹ç
if(count($data_list) > 0) {
+ lfCheckInput();
$func = "fnPutAddress('" . $_GET['input1'] . "','" . $_GET['input2']. "');";
$objPage->tpl_onload = "$func";
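Review bot: The `fnPutAddress(...)` string built right after the new `lfCheckInput();` call is only safe if that call never returns on bad input, and nothing visible here guarantees it. `lfCheckInput()` has no `exit` and no return value; it relies on `sfDispSiteError('')`, defined outside this diff, to end the request, which should be confirmed. If it can return, the unvalidated `$_GET['input1']` and `$_GET['input2']` still reach `tpl_onload`. Making the stop explicit would remove the dependency, e.g. have the function return a boolean and call it as `if (!lfCheckInput()) { exit; }`. The enclosing `if` block continues outside the hunk.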
@@ -70,12 +71,30 @@
function fnErrorCheck() {
// ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸ÇÛÎó¤Î½é´ü²½
- $objErr = new SC_CheckError();
-
+ $objErr = new SC_CheckError($_GET);
+
// ͹ÊØÈÖ¹æ
- $objErr->doFunc( array("͹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_COUNT_CHECK" ) );
- $objErr->doFunc( array("͹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_COUNT_CHECK" ) );
-
+ $objErr->doFunc( array("͹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+ $objErr->doFunc( array("͹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+
return $objErr->arrErr;
}
+/**
+ * input1,2¤ÎÆþÎÏ¥Á¥§¥Ã¥¯
+ * ±Ñ¿ô»ú¥¢¥ó¥À¡¼¥Ð¡¼°Ê³°¤¬ÆþÎϤµ¤ì¤¿¾ì¹ç¡¢
+ * ÉÔÀµ¤Ê¥¢¥¯¥»¥¹¤È¤ß¤Ê¤·¥¨¥é¡¼²èÌ̤ØÁ«°Ü
+ * @param void
+ * @return void
+ */
+function lfCheckInput(){
+ $pattern = "/^[0-9a-z_]+$/";
+ foreach (array('input1', 'input2') as $key_name) {
+ $ret = preg_match_all($pattern, $_GET[$key_name], $matches);
+ if (!$ret) {
+ $msg = sprintf('invalid param: $_GET[%s]="%s"', $key_name, $_GET[$key_name]);
+ gfPrintLog($msg);
+ sfDispSiteError('');
+ }
+ }
+}
?>
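Review bot: The pattern `/^[0-9a-z_]+$/` in `lfCheckInput()` accepts a value ending in a newline, because `$` without the `D` modifier also matches just before a final line break; that newline would then end up inside the quoted JavaScript argument built from `$_GET['input1']` and `$_GET['input2']`. Anchor the end absolutely with `$pattern = "/^[0-9a-z_]+\z/";`. `preg_match()` is sufficient here since `$matches` is never used, and an `is_string()` check first would avoid warnings when a key is missing or sent as an array. The rejected value is also passed raw to `gfPrintLog()`, so consider encoding it (for example with `rawurlencode()`) to keep control characters out of the log.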