Changeset 18792
- Timestamp:
- 2010/08/26 10:42:00 (14 years ago)
- bzr:base-revision:
- ohkouchi@loop-az.jp-20100825073846-mzg8ka4y21o1nk6o
- bzr:committer:
- Kentaro Ohkouchi <ohkouchi@loop-az.jp>
- bzr:file-ids:
data/class/SC_CustomerList.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2FSC_CustomerList.php
data/class/SC_SelectSql.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2FSC_SelectSql.php
data/class/pages/admin/mail/LC_Page_Admin_Mail.php 15640@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fmail%2FLC_Page_Admin_Mail.php
data/class/pages/admin/order/LC_Page_Admin_Order.php 15584@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Forder%2FLC_Page_Admin_Order.php
data/class/pages/admin/products/LC_Page_Admin_Products.php 15342@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products.php
data/class/pages/admin/products/LC_Page_Admin_Products_Review.php 15537@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products_Review.php
data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php 15546@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fadmin%2Fproducts%2FLC_Page_Admin_Products_Trackback.php
data/class/pages/products/LC_Page_Products_List.php 15154@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Fpages%2Fproducts%2FLC_Page_Products_List.php
data/class/util/SC_Utils.php 15078@1e3b908f-19a9-db11-a64c-001125224ba8:branches%2Ffeature-module-update%2Fdata%2Fclass%2Futil%2FSC_Utils.php- bzr:mapping-version:
- v4
- bzr:repository-uuid:
- 1e3b908f-19a9-db11-a64c-001125224ba8
- bzr:revision-id:
- ohkouchi@loop-az.jp-20100826014156-g12l1o38gsj73acs
- bzr:revno:
- 2275
- bzr:revprop:branch-nick:
- branches/version-2_5-dev
- bzr:root:
- branches/version-2_5-dev
- bzr:text-parents:
data/class/SC_CustomerList.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/SC_SelectSql.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/admin/mail/LC_Page_Admin_Mail.php ohkouchi@loop-az.jp-20100819104758-beubop5hq0pwdqhx
data/class/pages/admin/order/LC_Page_Admin_Order.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/pages/admin/products/LC_Page_Admin_Products.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow
data/class/pages/admin/products/LC_Page_Admin_Products_Review.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php ohkouchi@loop-az.jp-20100614082857-g3n9wn9zakpc7a0m
data/class/pages/products/LC_Page_Products_List.php ohkouchi@loop-az.jp-20100803111301-u8ph4za35y4il0dh
data/class/util/SC_Utils.php ohkouchi@loop-az.jp-20100820090626-dkyj2ngdh7vklaow- bzr:timestamp:
- 2010-08-26 10:41:56.190000057 +0900
- bzr:user-agent:
- bzr2.1.2+bzr-svn1.0.2
- svn:original-date:
- 2010-08-26T01:41:56.190000Z
- Location:
- branches/version-2_5-dev/data/class
- Files:
-
- 9 edited
branches/version-2_5-dev/data/class/SC_CustomerList.php
r18789 r18792 317 317 //カテゴリーを選択している場合のみ絞込検索を行う 318 318 if (!isset($this->arrSql['category_id'])) $this->arrSql['category_id'] = ""; 319 if ( strlen($this->arrSql['category_id']) != ""){319 if ( strlen($this->arrSql['category_id']) > 0){ 320 320 //カテゴリーで絞込検索を行うSQL文生成 321 list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere( SC_Utils_Ex::sfManualEscape($this->arrSql['category_id']));321 list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere($this->arrSql['category_id']); 322 322 323 323 //カテゴリーで絞込みが可能の場合 -
branches/version-2_5-dev/data/class/SC_SelectSql.php
r18701 r18792 59 59 // 検索用 60 60 function addSearchStr($val) { 61 $return = SC_Utils_Ex::sfManualEscape($val); 62 $return = "%" .$return. "%"; 61 $return = "%" .$val. "%"; 63 62 return $return; 64 63 } -
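Review bot: `addSearchStr()` now wraps the raw value in `%…%` without escaping the LIKE metacharacters, so a `%` or `_` supplied by the user acts as a wildcard instead of a literal character. Binding the result as a placeholder takes care of quoting but not of pattern syntax, and the removed helper was the only place that escaped `%` and `_`. I would keep that part, e.g. `$return = "%" . addcslashes($val, '\\%_') . "%";` (assuming backslash is the LIKE escape character on the supported databases), and add a comment that the return value must only ever be passed as a bound parameter. The same point applies to the `"%$val%"` values bound to `ILIKE ?` in LC_Page_Products_List.php.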
branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php
r18788 r18792 229 229 if (empty($this->arrErr)) { 230 230 $this->list_data['name'] = isset($this->list_data['name']) 231 ? SC_Utils_Ex::sfManualEscape($this->list_data['name']): "";231 ? $this->list_data['name'] : ""; 232 232 // hidden要素作成 233 233 $this->arrHidden = $this->lfGetHidden($this->list_data); … … 300 300 // 検索開始 301 301 if (empty($this->arrErr)) { 302 $this->list_data['name'] = isset($this->list_data['name']) ? SC_Utils_Ex::sfManualEscape($this->list_data['name']): "";302 $this->list_data['name'] = isset($this->list_data['name']) ? $this->list_data['name'] : ""; 303 303 $this->arrHidden = $this->lfGetHidden($this->list_data); // hidden要素作成 304 304 … … 352 352 $this->list_data['name'] = 353 353 isset($this->list_data['name']) 354 ? SC_Utils_Ex::sfManualEscape($this->list_data['name']): "";354 ? $this->list_data['name'] : ""; 355 355 356 356 if ( $_POST['mode'] == 'regist_confirm'){ … … 410 410 $from = "dtb_order LEFT JOIN dtb_order_detail USING(order_id)"; 411 411 $where = "product_code LIKE ? AND del_flg = 0"; 412 $val = SC_Utils_Ex::sfManualEscape($keyword);413 $arrVal[] = "%$val%";414 412 $objQuery = new SC_Query(); 415 413 $objQuery->setGroupBy("customer_id, order_id"); 416 $arrRet = $objQuery->select($col, $from, $where, $arrVal);414 $arrRet = $objQuery->select($col, $from, $where, array($keyword)); 417 415 $arrCustomerOrderId = SC_Utils_Ex::sfArrKeyValues($arrRet, "customer_id", "order_id"); 418 416 } -
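Review bot: In the last hunk the value bound to `product_code LIKE ?` changes from `"%$val%"` to the bare `$keyword`, so the substring search on the product code becomes an exact match unless the operator types the wildcards. Dropping `sfManualEscape()` is fine once the value is bound, but the `%` wrapping should stay: `$arrRet = $objQuery->select($col, $from, $where, array("%" . $keyword . "%"));`. The three `list_data['name']` hunks now keep the unescaped value and hand it to `lfGetHidden()`, which is safe only if the hidden fields are HTML-escaped when rendered; that is not visible here. The enclosing functions start and end outside these hunks.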
branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php
r18789 r18792 137 137 continue; 138 138 } 139 $val = SC_Utils_Ex::sfManualEscape($val);140 139 141 140 $dbFactory = SC_DB_DBFactory::getInstance(); -
branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php
r18789 r18792 159 159 $arrval = array(); 160 160 foreach ($this->arrForm as $key => $val) { 161 $val = SC_Utils_Ex::sfManualEscape($val);162 161 163 162 if($val == "") { … … 200 199 break; 201 200 case 'search_startyear': // 登録更新日(FROM) 201 // FIXME POST の値をチェックする 202 202 $date = SC_Utils_Ex::sfGetTimestamp($_POST['search_startyear'], $_POST['search_startmonth'], $_POST['search_startday']); 203 203 $where.= " AND update_date >= '" . $_POST['search_startyear'] . "/" . $_POST['search_startmonth']. "/" .$_POST['search_startday'] . "'"; -
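Review bot: The `search_startyear` case still builds the `update_date` condition by concatenating `$_POST['search_startyear']`, `$_POST['search_startmonth']` and `$_POST['search_startday']` into `$where`; the added FIXME flags this, but the statement remains open to SQL injection from the request. `$date` is already computed by `sfGetTimestamp()` on the line above and never used, so the condition can be bound instead: `$where .= " AND update_date >= ?";` followed by `$arrval[] = $date;`. This assumes `$arrval` from the first hunk is the parameter list passed along with `$where`, and that `sfGetTimestamp()` returns a value the column accepts. The per-value `sfManualEscape()` call is removed from the loop here and from the equivalent loops in LC_Page_Admin_Order.php, LC_Page_Admin_Products_Review.php and LC_Page_Admin_Products_Trackback.php. Their switch bodies lie outside the hunks, so any remaining concatenation of `$val` there needs the same check.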
branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php
r18701 r18792 128 128 if (!$this->arrErr){ 129 129 foreach ($_POST as $key => $val){ 130 131 $val = SC_Utils_Ex::sfManualEscape($val);132 130 133 131 if($val == "") { -
branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php
r18701 r18792 117 117 foreach ($_POST as $key => $val) { 118 118 119 $val = SC_Utils_Ex::sfManualEscape($val);120 121 119 if ($val == "") { 122 120 continue; -
branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php
r18773 r18792 346 346 if ( strlen($val) > 0 ) { 347 347 $where .= " AND ( name ILIKE ? OR comment3 ILIKE ?) "; 348 $ret = SC_Utils_Ex::sfManualEscape($val); 349 $arrval[] = "%$ret%"; 350 $arrval[] = "%$ret%"; 348 $arrval[] = "%$val%"; 349 $arrval[] = "%$val%"; 351 350 } 352 351 } -
branches/version-2_5-dev/data/class/util/SC_Utils.php
r18789 r18792 994 994 995 995 /** 996 * 特殊制御文字の手動エスケープ997 * @deprecated ブレースホルダを使用すること998 */999 function sfManualEscape($data) {1000 $objQuery =& SC_Query::getSingletonInstance();1001 // 配列でない場合1002 if(!is_array($data)) {1003 $ret = $objQuery->quote($data);1004 $ret = ereg_replace("%", "\\%", $ret);1005 $ret = ereg_replace("_", "\\_", $ret);1006 return $ret;1007 }1008 1009 // 配列の場合1010 foreach($data as $val) {1011 $ret = $objQuery->quote($val);1012 $ret = ereg_replace("%", "\\%", $ret);1013 $ret = ereg_replace("_", "\\_", $ret);1014 $arrRet[] = $ret;1015 }1016 1017 return $arrRet;1018 }1019 1020 /**1021 996 * ドメイン間で有効なセッションのスタート 1022 997 * 共有SSL対応のための修正により、この関数は廃止します。