Changeset 16814
- Timestamp:
- 2007/11/28 00:55:41 (16 years ago)
- File:
-
- 1 edited
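--- a/branches/beta/html/frontparts/login_check.php
+++ b/branches/beta/html/frontparts/login_check.php
@@ -34,5 +34,5 @@
     $objCookie->setCookie('login_email', '');
 }
 
 if(count($arrErr) == 0) {
     if($objCustomer->getCustomerDataFromEmailPass($arrForm['login_pass'], $arrForm['login_email'])) {
@@ -43,5 +43,5 @@
         $where = "email ILIKE ? AND status = 1 AND del_flg = 0";
         $ret = $objQuery->count("dtb_customer", $where, array($arrForm['login_email']));
 
         if($ret > 0) {
             sfDispSiteError(TEMP_LOGIN_ERROR);
@@ -59,10 +59,9 @@
     // ¥í¥°¥¤¥ó¾ðÊó¤Î²òÊü
     $objCustomer->EndSession();
-    $mypage_url_search = strpos('.'.$_POST['url'], "mypage");
     //¥Þ¥¤¥Ú¡¼¥¸¥í¥°¥¤¥óÃæ¤Ï¥í¥°¥¤¥ó²èÌÌ¤Ø°Ü¹Ô
-    if ( $mypage_url_search == 2){
-        header("Location: /mypage/login.php");
+    if ( preg_match('/mypage/', $_POST['url']) ){
+        header('Location: ' . URL_DIR . 'mypage/login.php');
     }else{
-        header("Location: " . $_POST['url']);
+        header("Location: " . $_POST['url']);
     }
     exit;
@@ -81,19 +80,25 @@
 /* POST¤µ¤ì¤ëURL¤Î¥Á¥§¥Ã¥¯*/
 function lfIsValidURL() {
-    $site_url = sfIsHTTPS() ? SSL_URL : SITE_URL;
-    $check_url = trim($_POST['url']);
-
-    // ¥É¥á¥¤¥ó¥Á¥§¥Ã¥¯
-    $pattern = "|^$site_url|";
-    if (!preg_match($pattern, $check_url)) {
+    $arrValidUrl = array(SSL_URL, SITE_URL, '/');
+    $targetUrl = $_POST['url'];
+
+    // $arrValidUrl¤Ë¥Þ¥Ã¥Á¤·¤Ê¤¤¾ì¹ç¤ÏÉÔÀµ¤ÊURL
+    $match = false;
+    foreach ($arrValidUrl as $validUrl) {
+        $pattern = sprintf('/^%s/' , preg_quote($validUrl, '/'));
+        gfPrintLog($pattern . ':' . $targetUrl);
+        if ( preg_match($pattern, $targetUrl) ) {
+            $match = true;
+            break;
+        }
+    }
+    if (!$match) return false;
+
+    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¤ò´Þ¤à¾ì¹ç¤ÏÉÔÀµ¤ÊURL
+    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
+    if (preg_match_all($pattern, $targetUrl, $matches)) {
         return false;
     }
 
-    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¥Á¥§¥Ã¥¯
-    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
-    if (preg_match_all($pattern, $check_url, $matches)) {
-        return false;
-    }
-
     return true;
 }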
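Review bot: The `'/'` entry in `$arrValidUrl` makes lfIsValidURL accept a protocol-relative URL such as `//attacker.example/`, and since the logout branch in the earlier hunk then executes `header("Location: " . $_POST['url']);`, the browser is sent off-site — an open redirect that the old `^SITE_URL` check did not have. Reject a second leading slash before the prefix loop, e.g. `if (strpos($targetUrl, '//') === 0) return false;` (a backslash after the first slash is worth rejecting too, as some browsers treat `/\` like `//`). The `gfPrintLog($pattern . ':' . $targetUrl)` call runs once per candidate prefix and before the CR/LF/NUL check, so the raw user-supplied value, newlines included, is written to the log on every request; it reads like leftover debugging and should be removed or moved below that check. The prefix match on SSL_URL and SITE_URL is only as strict as those constants: if either lacks a trailing `/`, `http://site.example.evil/` would pass, so confirm their form or append `/` in the array. Whether lfIsValidURL is actually called on the redirect path is not visible in these hunks.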