Changeset 22861 for branches/version-2_12-dev/data

Timestamp:

2013/06/19 16:50:22 (11 years ago)

Author:

m_uehara

Message:

#2264 おすすめ商品検索エスケープ漏れ対応

Location:

branches/version-2_12-dev/data

Files:

• Smarty/templates/admin/contents/recommend_search.tpl (modified) (1 diff)
• class/pages/admin/contents/LC_Page_Admin_Contents_RecommendSearch.php (modified) (2 diffs)

branches/version-2_12-dev/data/Smarty/templates/admin/contents/recommend_search.tpl

@@ -30 +30 @@
 
 function func_submit( id ){
-    var fm = window.opener.document.form<!--{$smarty.get.rank}-->;
+    var fm = window.opener.document.form<!--{$rank|h}-->;
     fm.product_id.value = id;
     fm.mode.value = 'set_item';
-    fm.rank.value = '<!--{$smarty.get.rank}-->';
+    fm.rank.value = '<!--{$rank|h}-->';
     fm.submit();
     window.close();

branches/version-2_12-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_RecommendSearch.php

@@ -72 +72 @@
         $objFormParam->setParam($_POST);
         $objFormParam->convParam();
+
+        $rank = intval($_GET['rank']);
 
         switch ($this->getMode()) {
@@ -104 +106 @@
         // カテゴリ取得
         $this->arrCatList = $objDb->sfGetCategoryList();
+        $this->rank       = $rank;
         $this->setTemplate('contents/recommend_search.tpl');