Changeset 23279 for branches/version-2_13-dev/data/class/pages
- Timestamp:
- 2013/11/18 15:20:47 (10 years ago)
- Location:
- branches/version-2_13-dev/data/class/pages
- Files:
-
- 5 edited
branches/version-2_13-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_FileManager.php
r23154 r23279 127 127 $this->setDispError('select_file', $disp_error); 128 128 } else { 129 // ファイルダウンロード 130 $objFileManager->sfDownloadFile($objFormParam->getValue('select_file')); 131 SC_Response_Ex::actionExit(); 132 } 129 $path_exists = SC_Utils::checkFileExistsWithInBasePath($objFormParam->getValue('select_file'),USER_REALDIR); 130 if ($path_exists) { 131 // ファイルダウンロード 132 $objFileManager->sfDownloadFile($objFormParam->getValue('select_file')); 133 SC_Response_Ex::actionExit(); 134 } 135 } 133 136 } 134 137 break; … … 139 142 $objFormParam->setParam($this->createSetParam($_POST)); 140 143 $objFormParam->convParam(); 141 142 144 $this->arrErr = $objFormParam->checkError(); 143 if (SC_Utils_Ex::isBlank($this->arrErr)) { 145 $path_exists = SC_Utils::checkFileExistsWithInBasePath($objFormParam->getValue('select_file'),USER_REALDIR); 146 if (SC_Utils_Ex::isBlank($this->arrErr) && ($path_exists)) { 144 147 $objFileManager->deleteFile($objFormParam->getValue('select_file')); 145 148 } -
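Review bot: In both the download branch (new lines 129–135) and the delete branch (new lines 145–147), a path that fails `checkFileExistsWithInBasePath` is dropped silently: nothing is added to `$this->arrErr`, nothing is shown to the admin, and nothing is logged, so a rejected out-of-base path looks the same as a no-op. Consider an `else` that reports it the way the earlier check in this block does, e.g. `$this->setDispError('select_file', $disp_error);` with a suitable message, plus a log entry for the rejected value. The helper is also called as `SC_Utils::…` while the neighbouring call uses `SC_Utils_Ex::isBlank`; if the `_Ex` classes are the project's override point, `SC_Utils_Ex::checkFileExistsWithInBasePath(...)` would keep site customisations in effect, and the same applies in LC_Page_Admin_Contents_FileView.php. The helper's implementation is not shown here, so confirm it compares canonicalised paths; the enclosing switch begins and ends outside these hunks.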
branches/version-2_13-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_FileView.php
r23124 r23279 102 102 { 103 103 $file_check_flg = false; 104 105 104 // FIXME パスのチェック関数が必要 106 105 $file = $objFormParam->getValue('file'); 107 108 if ( !preg_match('|\./|', $file)){106 $path_exists = SC_Utils::checkFileExistsWithInBasePath($file,USER_REALDIR); 107 if ($path_exists){ 109 108 $file_check_flg = true; 110 109 } 111 112 110 return $file_check_flg; 113 111 } -
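Review bot: The `// FIXME パスのチェック関数が必要` comment (new line 104) is left in place although this change adds exactly that check, so it now reads as if the path were still unvalidated. Replace it with a comment that states what is enforced, for example `// Accept only files that exist under USER_REALDIR`. With the flag no longer doing anything else, the body could also reduce to `return (bool) $path_exists;`. The method signature lies outside the hunk.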
branches/version-2_13-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Product.php
r23260 r23279 565 565 { 566 566 $arrForm = $objFormParam->getHashArray(); 567 $arrForm['category_id'] = unserialize($arrForm['category_id']);567 $arrForm['category_id'] = SC_Utils_Ex::jsonDecode($arrForm['category_id']); 568 568 $objFormParam->setValue('category_id', $arrForm['category_id']); 569 569 … … 587 587 588 588 if (isset($arrForm['category_id']) && !is_array($arrForm['category_id'])) { 589 $arrForm['category_id'] = unserialize($arrForm['category_id']);589 $arrForm['category_id'] = SC_Utils_Ex::jsonDecode($arrForm['category_id']); 590 590 } 591 591 $this->tpl_json_category_id = !empty($arrForm['category_id']) ? SC_Utils_Ex::jsonEncode($arrForm['category_id']) : SC_Utils_Ex::jsonEncode(array()); … … 638 638 $arrForm['arrCategoryId'] = $arrForm['category_id']; 639 639 // hidden に渡す値は serialize する 640 $arrForm['category_id'] = serialize($arrForm['category_id']);640 $arrForm['category_id'] = SC_Utils_Ex::jsonEncode($arrForm['category_id']); 641 641 // 画像ファイル用データ取得 642 642 $arrForm['arrFile'] = $objUpFile->getFormFileList(IMAGE_TEMP_URLPATH, IMAGE_SAVE_URLPATH); -
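Review bot: The value decoded at new lines 567 and 589 comes from a hidden form field and is used without any check on its shape; replacing `unserialize` with `SC_Utils_Ex::jsonDecode` stops object instantiation from client-supplied data, but a malformed or non-array payload still flows into `setValue('category_id', …)`. What `jsonDecode` returns for invalid input or for a JSON object is not visible here, so a guard after each decode such as `if (!is_array($arrForm['category_id'])) { $arrForm['category_id'] = array(); }` would keep later code working on an array. The comment at new line 639, `// hidden に渡す値は serialize する`, is now stale and should say the value is JSON-encoded. Hidden values rendered in the old serialized format (a form left open across the upgrade) will no longer decode, which is presumably acceptable but worth confirming.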
branches/version-2_13-dev/data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php
r23124 r23279 81 81 $ParentPage = htmlspecialchars($_POST['ParentPage'], ENT_QUOTES); 82 82 } 83 84 // 正しい遷移かをチェック 85 $arrParentPageList = array(DELIV_URLPATH, MYPAGE_DELIVADDR_URLPATH, MULTIPLE_URLPATH); 86 if(!SC_Utils_Ex::isBlank($ParentPage) && !in_array($ParentPage, $arrParentPageList)) { 87 // 遷移が正しくない場合、デフォルトであるマイページの配送先追加の画面を設定する 88 $ParentPage = MYPAGE_DELIVADDR_URLPATH; 89 } 90 83 91 $this->ParentPage = $ParentPage; 84 92 … … 90 98 */ 91 99 if (!$objCustomer->isLoginSuccess(true) && $ParentPage != MULTIPLE_URLPATH) { 92 $this->tpl_onload = "eccube.changeParentUrl('". $ this->getLocation($_POST['ParentPage'])."'); window.close();";100 $this->tpl_onload = "eccube.changeParentUrl('". $ParentPage ."'); window.close();"; 93 101 } 94 102 -
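Review bot: The allowlist test at new line 86 uses `in_array($ParentPage, $arrParentPageList)` with loose comparison; pass `true` as the third argument so only an exact string match is accepted: `!in_array($ParentPage, $arrParentPageList, true)`. This matters because new line 100 concatenates `$ParentPage` directly into a JavaScript string literal, and the `htmlspecialchars` call at line 81 is HTML escaping, which should not be relied on for a JavaScript context. A short comment at line 100, such as `// $ParentPage is blank or one of the constants in $arrParentPageList`, would help the next editor not to relax the check. The comparison also runs on the already HTML-escaped value, which works only while none of the three constants contain characters that `htmlspecialchars` rewrites.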
branches/version-2_13-dev/data/class/pages/mypage/LC_Page_Mypage_Refusal.php
r23124 r23279 64 64 switch ($this->getMode()) { 65 65 case 'confirm': 66 // トークンを設定 67 $this->refusal_transactionid = $this->getRefusalToken(); 68 66 69 $this->tpl_mainpage = 'mypage/refusal_confirm.tpl'; 67 70 $this->tpl_subtitle = '退会手続き(確認ページ)'; … … 69 72 70 73 case 'complete': 74 // トークン入力チェック 75 if(!$this->isValidRefusalToken()) { 76 // エラー画面へ遷移する 77 SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, '', true); 78 SC_Response_Ex::actionExit(); 79 } 80 71 81 $objCustomer = new SC_Customer_Ex(); 72 82 $this->lfDeleteCustomer($objCustomer->getValue('customer_id')); … … 76 86 77 87 default: 88 if (SC_Display_Ex::detectDevice() == DEVICE_TYPE_MOBILE) { 89 $this->refusal_transactionid = $this->getRefusalToken(); 90 } 78 91 break; 79 92 } 80 93 94 } 95 96 /** 97 * トランザクショントークンを取得する 98 * 99 * @return string 100 */ 101 function getRefusalToken() { 102 if (empty($_SESSION['refusal_transactionid'])) { 103 $_SESSION['refusal_transactionid'] = SC_Helper_Session_Ex::createToken(); 104 } 105 return $_SESSION['refusal_transactionid']; 106 } 107 108 /** 109 * トランザクショントークンのチェックを行う 110 */ 111 function isValidRefusalToken() { 112 if(empty($_POST['refusal_transactionid'])) { 113 $ret = false; 114 } else { 115 $ret = $_POST['refusal_transactionid'] === $_SESSION['refusal_transactionid']; 116 } 117 118 return $ret; 119 } 120 121 /** 122 * トランザクショントークを破棄する 123 */ 124 function destroyRefusalToken() { 125 unset($_SESSION['refusal_transactionid']); 81 126 } 82 127
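Review bot: `destroyRefusalToken()` is added but none of the visible lines call it, so after `case 'complete'` passes `isValidRefusalToken()` the token appears to stay in the session and remain valid; new lines 83–85 are elided, so confirm whether it is cleared there or as part of the customer deletion. If it is not, add `$this->destroyRefusalToken();` directly after the validity check so the token is single-use. `isValidRefusalToken()` does not check the session side before comparing; `if (empty($_POST['refusal_transactionid']) || empty($_SESSION['refusal_transactionid'])) { return false; }` avoids an undefined-index notice and makes the intent explicit. A constant-time comparison such as `hash_equals()` is preferable to `===` where the supported PHP version provides it. The docblocks of `isValidRefusalToken()` and `destroyRefusalToken()` lack `@return` tags.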