Changeset 20926 for branches/version-2_11-dev/data/class/SC_Session.php

Timestamp:

2011/05/13 16:07:38 (13 years ago)

Author:

yomoro

Message:

#1303 r20923では、URLにスラッシュを二重に記載すると、アクセスできてしまうので、２重のものは必ず一つ削除するように修正。

File:

• branches/version-2_11-dev/data/class/SC_Session.php (modified) (1 diff)

branches/version-2_11-dev/data/class/SC_Session.php

@@ -67 +67 @@
     function IsSuccess() {
         global $arrPERMISSION;
-        if($this->cert == CERT_STRING) {
+       if($this->cert == CERT_STRING) {
+            $admin_path = preg_replace('/\/+/', '/', $_SERVER['PHP_SELF']);
             $masterData                 = new SC_DB_MasterData_Ex();
             $this->arrPERMISSION        = $masterData->getMasterData("mtb_permission");
-            if(isset($this->arrPERMISSION[$_SERVER['PHP_SELF']])) {
+            if(isset($this->arrPERMISSION[$admin_path])) {
                 // 数値が自分の権限以上のものでないとアクセスできない。
-                if($this->arrPERMISSION[$_SERVER['PHP_SELF']] < $this->authority) {
+                if($this->arrPERMISSION[$admin_path] < $this->authority) {
                     return AUTH_ERROR;
                 }