Changeset 20926


Ignore:
Timestamp:
2011/05/13 16:07:38 (10 years ago)
Author:
yomoro
Message:

#1303 r20923では、URLにスラッシュを二重に記載すると、アクセスできてしまうので、2重のものは必ず一つ削除するように修正。

File:
1 edited

Legend:

Unmodified
Added
Removed
  • branches/version-2_11-dev/data/class/SC_Session.php

    r20923 r20926  
    6767    function IsSuccess() { 
    6868        global $arrPERMISSION; 
    69         if($this->cert == CERT_STRING) { 
     69       if($this->cert == CERT_STRING) { 
     70            $admin_path = preg_replace('/\/+/', '/', $_SERVER['PHP_SELF']); 
    7071            $masterData                 = new SC_DB_MasterData_Ex(); 
    7172            $this->arrPERMISSION        = $masterData->getMasterData("mtb_permission"); 
    72             if(isset($this->arrPERMISSION[$_SERVER['PHP_SELF']])) { 
     73            if(isset($this->arrPERMISSION[$admin_path])) { 
    7374                // 数値が自分の権限以上のものでないとアクセスできない。 
    74                 if($this->arrPERMISSION[$_SERVER['PHP_SELF']] < $this->authority) { 
     75                if($this->arrPERMISSION[$admin_path] < $this->authority) { 
    7576                    return AUTH_ERROR; 
    7677                } 
Note: See TracChangeset for help on using the changeset viewer.