#
# ChangeLog for branches/rel
#
# Generated by Trac 0.12.ja1
# 2024/03/28 21:35:21

Fri, 27 Jul 2007 02:05:32 GMT adati [15138]
    * branches/rel/html/mobile/shopping/complete.php (modified)

Fri, 27 Jul 2007 02:01:07 GMT adati [15137]
    * branches/rel/html/mobile/shopping/complete.php (modified)

Fri, 27 Jul 2007 01:42:24 GMT adati [15136]
    * branches/rel/html/mobile/shopping/complete.php (modified)

Mon, 23 Jul 2007 00:57:20 GMT adati [15092]
    * branches/rel/data/Smarty/templates/mobile/entry/set2.tpl (modified)

Mon, 23 Jul 2007 00:30:03 GMT adati [15091]
    * branches/rel/html/mobile/entry/index.php (modified)

    #133 Fix a bug in mail magazine registration

Fri, 20 Jul 2007 10:39:12 GMT adati [15086]
    * branches/rel/data/class/SC_DbConn.php (modified)

    Fix so that DSN information is not displayed when the DB connection fails

Wed, 18 Jul 2007 12:40:46 GMT naka [15071]
    * branches/rel/html/frontparts/login_check.php (modified)

Wed, 18 Jul 2007 12:31:30 GMT naka [15070]
    * branches/rel/html/frontparts/login_check.php (modified)

Wed, 18 Jul 2007 12:25:42 GMT naka [15069]
    * branches/rel/html/frontparts/login_check.php (modified)

Wed, 18 Jul 2007 04:06:22 GMT adati [15063]
    * branches/rel/html/install/user_data/templates/default1/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/detail.tpl (modified)

    Fix the problem of ~ being garbled

Wed, 18 Jul 2007 02:27:05 GMT adati [15061]
    * branches/rel/data/conf/conf.php (modified)

    Preparation for the 1.3.4 official release

Tue, 17 Jul 2007 12:54:03 GMT adati [15055]
    * branches/rel/html/install/user_data/include/bloc/login.tpl (modified)

    Fix typo

Tue, 17 Jul 2007 12:53:31 GMT adati [15054]
    * branches/rel/html/install/user_data/templates/default1/include/bloc/login.tpl (modified)

    Fix typo

Tue, 17 Jul 2007 12:48:24 GMT adati [15053]
    * branches/rel/data/class/SC_View.php (modified)
    * branches/rel/html/frontparts/login_check.php (modified)
    * branches/rel/html/install/user_data/include/bloc/login.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/include/bloc/login.tpl (modified)

    Header injection countermeasure (the POSTed URL is now checked)

Tue, 17 Jul 2007 11:12:45 GMT adati [15051]
    * branches/rel/html/load_module.php (modified)

    Fix authentication not being applied

Tue, 17 Jul 2007 06:21:32 GMT adati [15048]
    * branches/rel/html/frontparts/login_check.php (modified)

    Temporarily remove the domain check

Tue, 17 Jul 2007 02:40:33 GMT adati [15047]
    * branches/rel/html/install/user_data/templates/default1/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/detail.tpl (modified)

    Fix a bug where ~ was garbled

Tue, 17 Jul 2007 02:07:54 GMT adati [15046]
    * branches/rel/data/lib/slib.php (modified)

    Fix a bug where login failed because of the referer check

Wed, 11 Jul 2007 04:22:50 GMT adati [15039]
    * branches/rel/html/frontparts/login_check.php (modified)

    Fix typo: $POST→$_POST

Wed, 11 Jul 2007 04:20:03 GMT adati [15038]
    * branches/rel/html/frontparts/login_check.php (modified)

    Fix the domain check not taking effect

Wed, 11 Jul 2007 03:53:23 GMT adati [15037]
    * branches/rel/html/frontparts/login_check.php (modified)
    * branches/rel/html/resize_image.php (modified)

    Fix to write a log entry on unauthorized access

Wed, 11 Jul 2007 03:31:03 GMT adati [15036]
    * branches/rel/html/frontparts/login_check.php (modified)

    Fix a vulnerability that allowed redirection through parameter manipulation

Tue, 10 Jul 2007 13:12:44 GMT adati [15035]
    * branches/rel/data/Smarty/templates/admin/contents/campaign_create_tag.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/contents/recomend_search.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/design/template.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/products/confirm.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/products/index.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/products/product.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/products/product_rank.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/products/product_select.tpl (modified)
    * branches/rel/data/Smarty/templates/cart/index.tpl (modified)
    * branches/rel/data/Smarty/templates/shopping/confirm.tpl (modified)
    * branches/rel/html/install/user_data/include/bloc/best5.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/include/bloc/best5.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/detail.tpl (modified)
    * branches/rel/html/resize_image.php (modified)

    Fix a vulnerability that allowed access to image files and the like on arbitrary drives and folders

Wed, 04 Jul 2007 07:44:46 GMT adati [15027]
    * branches/rel/html/products/review.php (modified)

    The input in the review comment field is now checked for whether it contains a URL

Wed, 04 Jul 2007 03:32:41 GMT adati [15025]
    * branches/rel/data/conf/conf.php (modified)

    [Preparation for the 1.3.3 official release]

Wed, 04 Jul 2007 03:29:45 GMT adati [15024]
    * branches/rel/data/conf/conf.php (modified)

    [Preparation for the 1.3.3 official release]

Wed, 04 Jul 2007 03:28:24 GMT adati [15023]
    * branches/rel/data/conf/conf.php (modified)

    [Preparation for the 1.3.3 official release]

Wed, 04 Jul 2007 03:06:43 GMT nakanishi [15021]
    * branches/rel/html/admin/contents/inquiry.php (modified)

    [Fix] Fix a problem where CSV download downloaded all survey results

Wed, 04 Jul 2007 01:48:13 GMT adati [15020]
    * branches/rel/data/class/SC_CheckError.php (modified)
    * branches/rel/html/contact/index.php (modified)

    The input in the inquiry content is now checked for whether it contains a URL

Sun, 01 Jul 2007 02:33:09 GMT kakinaka [15003]
    * branches/rel/data/lib/slib.php (modified)

Fri, 29 Jun 2007 02:31:58 GMT naka [14995]
    * branches/rel/data/Smarty/templates/admin/customer/index.tpl (modified)

Thu, 28 Jun 2007 08:24:05 GMT adati [14993]
    * branches/rel/data/Smarty/templates/admin/system/input.tpl (modified)
    * branches/rel/html/admin/system/input.php (modified)

    CSRF countermeasure: fix a vulnerability in System > Member Management

Thu, 28 Jun 2007 07:49:46 GMT adati [14992]
    * branches/rel/data/conf/conf.php (modified)

    CSRF countermeasure: add the constant REVIEW_ALLOW_URL, a flag for whether to allow URLs to be written in product reviews

Thu, 28 Jun 2007 07:47:26 GMT adati [14991]
    * branches/rel/html/admin/login.php (modified)

    CSRF countermeasure: fix to set uniqid in the session at login

Thu, 28 Jun 2007 07:46:22 GMT adati [14990]
    * branches/rel/data/lib/slib.php (modified)

    CSRF countermeasure: add sfIsValidTransition(), which checks the validity of screen transitions

Thu, 28 Jun 2007 07:43:42 GMT adati [14989]
    * branches/rel/data/class/SC_Session.php (modified)

    CSRF countermeasure: fix so that the session holds a uniqid

Thu, 28 Jun 2007 02:16:33 GMT adati [14950]
    * branches/rel/data/lib/slib.php (modified)

    CSRF countermeasure: modify sfIsSuccess() so that it checks the referer

Thu, 28 Jun 2007 02:15:24 GMT adati [14949]
    * branches/rel/html/install/user_data/templates/default1/templates/mypage/refusal_confirm.tpl (modified)
    * branches/rel/html/install/user_data/templates/mypage/refusal_confirm.tpl (modified)
    * branches/rel/html/mypage/refusal.php (modified)

    CSRF countermeasure: fix so that the membership withdrawal procedure is not executed on My Page

Wed, 27 Jun 2007 09:10:33 GMT adati [14933]
    * branches/rel/data/conf/conf.php (modified)

    conf.php: add INVALID_MOVE_ERROR to the constants

Tue, 26 Jun 2007 08:54:20 GMT adati [14930]
    * branches/rel/data/Smarty/templates/contact/index.tpl (modified)

    Fix missing escaping

Tue, 26 Jun 2007 06:15:07 GMT uehara [14929]
    * branches/rel/data/conf/conf.php (modified)

    An error was occurring because the value of the product sub (PRODUCTSUB_MAX) was invalid

Tue, 26 Jun 2007 06:10:47 GMT adati [14928]
    * branches/rel/data/smarty_extends/modifier.script_escape.php (modified)

    XSS: add "javascript:" to the replacement candidates

Tue, 26 Jun 2007 05:46:58 GMT uehara [14927]
    * branches/rel/data/conf/conf.php (modified)

    Debugging because product registration does not work

Tue, 26 Jun 2007 05:25:17 GMT uehara [14926]
    * branches/rel/html/admin/products/upload_csv.php (modified)

Tue, 26 Jun 2007 04:05:53 GMT uehara [14925]
    * branches/rel/html/admin/products/upload_csv.php (modified)

    Upload CSV: fix a bug on new registration

Tue, 26 Jun 2007 03:04:18 GMT uehara [14921]
    * branches/rel/data/class/SC_Query.php (modified)
    * branches/rel/data/conf/conf.php (modified)
    * branches/rel/html/admin/products/upload_csv.php (modified)
    * branches/rel/html/install/sql/insert_data.sql (modified)

    Product registration CSV rework; handle the MySQL auto_increment bug

Fri, 22 Jun 2007 04:05:16 GMT naka [14911]
    * branches/rel/data/class/SC_SelectSql.php (modified)

    The format given to the date function in SQL statements is specified as yyyy/mm/dd.

Wed, 20 Jun 2007 02:53:25 GMT kakinaka [14900]
    * branches/rel/data/conf/conf.php (modified)

    Change debug mode to false

Wed, 20 Jun 2007 02:41:28 GMT kakinaka [14898]
    * branches/rel/html/mobile/shopping/complete.php (modified)
    * branches/rel/html/mobile/shopping/confirm.php (modified)

    Fix to keep session information in dtb_order_temp

Wed, 20 Jun 2007 02:33:45 GMT kakinaka [14897]
    * branches/rel/html/install/sql/create_table_mysql.sql (modified)
    * branches/rel/html/install/sql/create_table_pgsql.sql (modified)

    Fix to keep session information in dtb_order_temp

Wed, 20 Jun 2007 02:26:38 GMT kakinaka [14894]
    * branches/rel/data/conf/conf.php (modified)

    Change debug mode to true

Wed, 20 Jun 2007 02:09:33 GMT kakinaka [14893]
    * branches/rel/html/shopping/complete.php (modified)

    This is the comment for revision 14891. Fix to keep session information in dtb_order_temp ...

Wed, 20 Jun 2007 02:04:41 GMT kakinaka [14891]
    * branches/rel/html/install/sql/create_table_mysql.sql (modified)
    * branches/rel/html/install/sql/create_table_pgsql.sql (modified)
    * branches/rel/html/shopping/complete.php (modified)
    * branches/rel/html/shopping/confirm.php (modified)

Mon, 18 Jun 2007 00:19:26 GMT adati [14735]
    * branches/rel/html/install/sql/add/dtb_trackback_mysql.sql (modified)

Sun, 17 Jun 2007 13:28:08 GMT kakinaka [14732]
    * branches/rel/data/class/SC_CartSession.php (modified)

    Fix a cart ID bug

Thu, 14 Jun 2007 07:18:05 GMT adati [14659]
    * branches/rel/html/img/main/image.gif (modified)

Thu, 14 Jun 2007 03:53:14 GMT naka [14644]
    * branches/rel/data/conf/conf.php (modified)

Mon, 11 Jun 2007 10:24:31 GMT adati [14585]
    * branches/rel/data/Smarty/templates/mobile/products/list.tpl (modified)

    Fix a bug that caused a syntax error

Fri, 08 Jun 2007 05:55:43 GMT adati [14554]
    * branches/rel/data/conf/conf.php (modified)

Fri, 08 Jun 2007 05:46:22 GMT adati [14553]
    * branches/rel/data/Smarty/templates/admin/contents/campaign_design.tpl (modified)

    Fix so that script tag escaping is not applied to textarea input fields

Fri, 08 Jun 2007 05:44:09 GMT adati [14552]
    * branches/rel/data/Smarty/templates/admin/contents/campaign_design.tpl (modified)

    Fix so that script tag escaping is not applied to textarea input fields

Fri, 08 Jun 2007 03:26:39 GMT adati [14534]
    * branches/rel/data/Smarty/templates/admin/design/bloc.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/design/header.tpl (modified)
    * branches/rel/data/Smarty/templates/admin/design/main_edit.tpl (modified)

    Fix so that script tag escaping is not applied to textarea input fields

Fri, 08 Jun 2007 02:49:08 GMT adati [14529]
    * branches/rel/data/smarty_extends/modifier.script_escape.php (modified)

    Fix to return the converted string when a script tag matches, and the input string unchanged when it does not

Fri, 08 Jun 2007 02:42:32 GMT adati [14525]
    * branches/rel/data/smarty_extends/modifier.script_escape.php (modified)

    Fix to return the converted string when a script tag matches, and the input string unchanged when it does not

Fri, 08 Jun 2007 01:30:20 GMT adati [14488]
    * branches/rel/data/class/SC_View.php (modified)

Fri, 08 Jun 2007 00:51:42 GMT adati [14474]
    * branches/rel/data/class/SC_View.php (modified)

Thu, 07 Jun 2007 12:45:59 GMT adati [14464]
    * branches/rel/data/smarty_extends/modifier.script_escape.php (modified)

Thu, 07 Jun 2007 03:47:43 GMT adati [14393]
    * branches/rel/data/class/SC_View.php (modified)
    * branches/rel/data/smarty_extends/modifier.script_escape.php (added)

    Fix so that only script tags are escaped automatically.

Wed, 06 Jun 2007 02:35:59 GMT kishida [14327]
    * branches/rel/html/tb/index.php (modified)

Fri, 01 Jun 2007 07:48:18 GMT kakinaka [14117]
    * branches/rel/data/class/SC_CartSession.php (modified)
    * branches/rel/html/install/user_data/include/campaign/default/src/index.php (modified)
    * branches/rel/html/shopping/complete.php (modified)

Fri, 01 Jun 2007 07:25:20 GMT kakinaka [14112]
    * branches/rel/data/class/SC_CartSession.php (modified)
    * branches/rel/html/install/user_data/include/campaign/default/src/index.php (modified)
    * branches/rel/html/shopping/complete.php (modified)

    Fix a problem where purchasing a regular product after viewing a campaign page was treated as an entry in the viewed campaign

Wed, 30 May 2007 03:15:06 GMT naka [13770]
    * branches/rel/html/products/detail.php (modified)

Tue, 29 May 2007 05:20:53 GMT nakanishi [13631]
    * branches/rel/html/install/sql/create_table_mysql.sql (modified)

Tue, 29 May 2007 05:20:17 GMT nakanishi [13630]
    * branches/rel/html/admin/mail/index.php (modified)

Tue, 29 May 2007 01:06:15 GMT adati [13588]
    * branches/rel/data/lib/slib.php (modified)

Tue, 29 May 2007 00:47:57 GMT adati [13581]
    * branches/rel/html/products/list.php (modified)

Tue, 29 May 2007 00:42:23 GMT adati [13577]
    * branches/rel/html/mypage/index.php (modified)

Mon, 28 May 2007 11:01:51 GMT adati [13538]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 10:57:41 GMT adati [13536]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 10:41:27 GMT adati [13530]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 10:40:44 GMT adati [13529]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 10:34:19 GMT adati [13526]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 10:33:36 GMT adati [13525]
    * branches/rel/html/shopping/payment.php (modified)

Mon, 28 May 2007 09:57:22 GMT adati [13520]
    * branches/rel/data/conf/conf.php (modified)

Mon, 28 May 2007 09:51:19 GMT adati [13518]
    * branches/rel/data/class/SC_DbConn.php (modified)

Mon, 28 May 2007 09:49:34 GMT adati [13517]
    * branches/rel/data/conf/conf.php (modified)

Mon, 28 May 2007 09:23:46 GMT adati [13508]
    * branches/rel/data/conf/conf.php (modified)

Mon, 28 May 2007 07:54:40 GMT uehara [13497]
    * branches/rel/html/admin/products/upload_csv.php (modified)

Mon, 28 May 2007 06:40:00 GMT adati [13494]
    * branches/rel/html/products/list.php (modified)

Fri, 25 May 2007 08:18:46 GMT adati [13457]
    * branches/rel/html/install/user_data/templates/default1/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/templates/list.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/templates/mypage/index.tpl (modified)
    * branches/rel/html/install/user_data/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/list.tpl (modified)
    * branches/rel/html/install/user_data/templates/mypage/index.tpl (modified)
    * branches/rel/html/mypage/index.php (modified)
    * branches/rel/html/products/detail.php (modified)
    * branches/rel/html/products/list.php (modified)

Fri, 25 May 2007 07:25:05 GMT adati [13454]
    * branches/rel/html/install/user_data/templates/default1/templates/detail.tpl (modified)
    * branches/rel/html/install/user_data/templates/detail.tpl (modified)

Fri, 25 May 2007 06:17:41 GMT kakinaka [13452]
    * branches/rel/data/Smarty/templates/admin/total/index.tpl (modified)
    * branches/rel/html/admin/total/index.php (modified)

    Fix so that graph output is not performed when the GD library is not installed.

Fri, 25 May 2007 05:28:47 GMT kakinaka [13449]
    * branches/rel/html/admin/total/index.php (modified)

Fri, 25 May 2007 05:15:05 GMT kakinaka [13448]
    * branches/rel/html/resize_image.php (modified)

    Fix the define.php load error in resize_image.php

Fri, 25 May 2007 04:11:32 GMT adati [13443]
    * branches/rel/html/install/user_data/templates/default1/templates/list.tpl (modified)
    * branches/rel/html/install/user_data/templates/default1/templates/mypage/index.tpl (modified)

Fri, 25 May 2007 04:06:49 GMT adati [13442]
    * branches/rel/html/install/user_data/templates/list.tpl (modified)
    * branches/rel/html/install/user_data/templates/mypage/index.tpl (modified)

Fri, 25 May 2007 02:00:52 GMT kakinaka [13428]
    * branches/rel/html/admin/require.php (modified)

Fri, 25 May 2007 01:56:40 GMT kakinaka [13426]
    * branches/rel/html/admin/total/index.php (modified)

    Fix so that cancelled products are not included in the totals by occupation

Fri, 25 May 2007 01:12:37 GMT kakinaka [13406]
    * branches/rel/html/install/index.php (modified)

Fri, 25 May 2007 01:08:47 GMT kakinaka [13405]
    * branches/rel/html/admin/require.php (modified)
    * branches/rel/html/mobile/require.php (modified)