Changeset 22916


Timestamp:
2013/06/28 15:28:20 (11 years ago)
Author:
shutta
Message:

#2264 (おすすめ商品検索画面にエスケープ漏れの項目がある)
r22861(脆弱性対応)を2_13-devにもコミット。

Location:
branches/version-2_13-dev/data
Files:
2 edited

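--- a/branches/version-2_13-dev/data/Smarty/templates/admin/contents/recommend_search.tpl
+++ b/branches/version-2_13-dev/data/Smarty/templates/admin/contents/recommend_search.tpl
@@ -30,8 +30,8 @@
 
 function func_submit( id ){
-    var fm = window.opener.document.form<!--{$smarty.get.rank}-->;
+    var fm = window.opener.document.form<!--{$rank|h}-->;
     fm.product_id.value = id;
     fm.mode.value = 'set_item';
-    fm.rank.value = '<!--{$smarty.get.rank}-->';
+    fm.rank.value = '<!--{$rank|h}-->';
     fm.submit();
     window.close();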
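Review bot: Both uses of `$rank` sit in JavaScript, one as part of an identifier (`document.form<!--{$rank|h}-->`) and one inside a single-quoted string, while `|h` (presumably the project's HTML-escape modifier) does not encode for that context. The template is therefore safe only because the page class now assigns `intval($_GET['rank'])`. I would record that dependency above `func_submit` with a template comment such as `<!--{* $rank must stay an integer assigned by the page class; |h alone is not JavaScript-context escaping *}-->`, so a later change that passes a string does not reopen the hole. The end of `func_submit` is outside the hunk.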
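--- a/branches/version-2_13-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_RecommendSearch.php
+++ b/branches/version-2_13-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_RecommendSearch.php
@@ -70,4 +70,6 @@
         $objFormParam->setParam($_POST);
         $objFormParam->convParam();
+
+        $rank = intval($_GET['rank']);
 
         switch ($this->getMode()) {
@@ -102,4 +104,5 @@
         // カテゴリ取得
         $this->arrCatList = $objDb->sfGetCategoryList();
+        $this->rank       = $rank;
         $this->setTemplate('contents/recommend_search.tpl');
     }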
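Review bot: `$rank = intval($_GET['rank']);` reads the key without checking that it is present, so a request that omits `rank` raises an undefined-index notice and silently becomes 0. Nothing in the visible lines checks the value against the valid range of recommend slots before it reaches the template's `document.form<rank>` lookup. I would write `$rank = isset($_GET['rank']) ? intval($_GET['rank']) : 0;` and reject out-of-range values before the `switch`. A short comment such as `// cast to int: the template emits rank inside JavaScript` would record why the cast must not be relaxed. The enclosing method starts outside the hunk.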