Changeset 22915 for branches/version-2_13-dev/data/class/pages/products/LC_Page_Products_List.php

Timestamp:

2013/06/28 15:24:16 (11 years ago)

Author:

shutta

Message:

#2265 (商品一覧エスケープ漏れ対応)
r22862(脆弱性対応)を2_13-devにもコミット。

File:

• branches/version-2_13-dev/data/class/pages/products/LC_Page_Products_List.php (modified) (1 diff)

branches/version-2_13-dev/data/class/pages/products/LC_Page_Products_List.php

@@ -408 +408 @@
                 $arrProducts[$key]['quantity']          = $arrForm['quantity'];
                 $arrProducts[$key]['arrErr']            = $arrErr;
-                $js_fnOnLoad .= "fnSetClassCategories(document.product_form{$arrProducts[$key]['product_id']}, '{$arrForm['classcategory_id2']}');";
+                $classcategory_id2 = SC_Utils_Ex::jsonEncode($arrForm['classcategory_id2']);
+                $js_fnOnLoad .= "fnSetClassCategories(document.product_form{$arrProducts[$key]['product_id']}, {$classcategory_id2});";
             }
         }