Context Navigation

template.tpl @ 15035

Visit:

Revision 15035, 9.5 KB checked in by adati, 16 years ago (diff)
任意のドライブおよび、フォルダの画像ファイル等にアクセスが可能な脆弱性を修正

Line
1	<!--{*
2	/*
3	* Copyright(c) 2000-2007 LOCKON CO.,LTD. All Rights Reserved.
4	*
5	* http://www.lockon.co.jp/
6	*/
7	*}-->
8	<!--¡ú¡ú¥á¥¤¥ó¥³¥ó¥Æ¥ó¥Ä¡ú¡ú-->
9	<table width="878" border="0" cellspacing="0" cellpadding="0" summary=" ">
10	<form name="form1" id="form1" method="post" action="<!--{$smarty.server.PHP_SELF\|escape}-->" onsubmit="return lfnModeSubmit('confirm')">
11	<!--{foreach from=$smarty.post key="key" item="item"}-->
12	<!--{if $key ne "mode"}--><input type="hidden" name="<!--{$key\|escape}-->" value="<!--{$item\|escape}-->">
13	<!--{/if}-->
14	<!--{/foreach}-->
15	<input type="hidden" name="mode" value="">
16	<input type="hidden" name="tpl_subno_template" value="<!--{$tpl_subno_template}-->">
17	<tr valign="top">
18	<td background="<!--{$smarty.const.URL_DIR}-->img/contents/navi_bg.gif" height="402">
19	<!--¢§SUB NAVI-->
20	<!--{include file=$tpl_subnavi}-->
21	<!--¢¥SUB NAVI-->
22	</td>
23	<td class="mainbg">
24	<!--¢§ÅÐÏ¿¥Æ¡¼¥Ö¥ë¤³¤³¤«¤é-->
25	<table width="737" border="0" cellspacing="0" cellpadding="0" summary=" ">
26	<!--¥á¥¤¥ó¥¨¥ê¥¢-->
27	<tr>
28	<td align="center">
29	<table width="706" border="0" cellspacing="0" cellpadding="0" summary=" ">
30	<tr><td height="14"></td></tr>
31	<tr>
32	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/main_top.jpg" width="706" height="14" alt=""></td>
33	</tr>
34	<tr>
35	<td background="<!--{$smarty.const.URL_DIR}-->img/contents/main_left.jpg"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="14" height="1" alt=""></td>
36	<td bgcolor="#cccccc">
37	<table width="678" border="0" cellspacing="0" cellpadding="0" summary=" ">
38	<tr>
39	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/contents_title_top.gif" width="678" height="7" alt=""></td>
40	</tr>
41	<tr>
42	<td background="<!--{$smarty.const.URL_DIR}-->img/contents/contents_title_left_bg.gif"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/contents_title_left.gif" width="22" height="12" alt=""></td>
43	<td bgcolor="#636469" width="638" class="fs14n"><span class="white"><!--¥³¥ó¥Æ¥ó¥Ä¥¿¥¤¥È¥ë--><!--{$template_name}--></span></td>
44	<td background="<!--{$smarty.const.URL_DIR}-->img/contents/contents_title_right_bg.gif"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="18" height="1" alt=""></td>
45	</tr>
46	<tr>
47	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/contents_title_bottom.gif" width="678" height="7" alt=""></td>
48	</tr>
49	<tr>
50	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/main_bar.jpg" width="678" height="10" alt=""></td>
51	</tr>
52	</table>
53
54	<table width="678" border="0" cellspacing="1" cellpadding="8" summary=" ">
55	<tr class="fs12n">
56	<td bgcolor="#f2f1ec" align="center"><strong>¸½ºß¤Î¥Æ¥ó¥×¥ì¡¼¥È</strong></td>
57	</tr>
58	<tr class="fs12n">
59	<td bgcolor="#ffffff" align="center"><img height=500 width=400 src="<!--{$smarty.const.URL_DIR}--><!--{$arrTemplate.image[$MainImage]}-->" name="main_img" ></td>
60	</tr>
61	</table>
62
63	<table width="678" border="0" cellspacing="0" cellpadding="0" summary=" ">
64	<tr><td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/main_bar.jpg" width="678" height="10" alt=""></td></tr>
65	</table>
66
67	<table width="678" border="0" cellspacing="1" cellpadding="8" summary=" ">
68	<tr class="fs12n">
69	<td bgcolor="#f2f1ec" align="center" colspan="3"><strong>¥Æ¥ó¥×¥ì¡¼¥È°ìÍ÷</strong></td>
70	</tr>
71
72	<!--{section name=template loop=$arrTemplate.image step=3}-->
73	<!--{foreach key=key item=item from=$arrTemplate.image}-->
74	<tr>
75	<!--{assign var=cnt value=$smarty.section.template.iteration-1}-->
76	<!--{assign var=key value=$cnt*$smarty.section.template.step}-->
77	<!--{assign var=code value=$arrTemplate.code[$key]}-->
78	<!--{assign var=image value=$arrTemplate.image[$code]}-->
79	<td bgcolor="#ffffff" align="center"><!--{$arrTemplate[template]}-->
80	<span class="fs12">¡Ú<!--{$code}-->¡Û</span><br/>
81	<label for="radio<!--{$key}-->"><img src="<!--{$smarty.const.URL_DIR}--><!--{$image}-->" width="160" height="200" name="<!--{$key}-->" alt="<!--{$code}-->"></label><br>
82	<span class="fs10n"><label for="radio<!--{$key}-->"><input type="radio" name="check_template" value="<!--{$code}-->" id="radio<!--{$key}-->" onClick="ChangeImage('<!--{$smarty.const.URL_DIR}--><!--{$image}-->');" <!--{if $arrTemplate.check[$code] != ""}-->checked<!--{/if}-->>ÁªÂò</label></span>
83	</td>
84	<!--{assign var=cnt value=$smarty.section.template.iteration-1}-->
85	<!--{assign var=key value=$cnt*$smarty.section.template.step+1}-->
86	<!--{assign var=code value=$arrTemplate.code[$key]}-->
87	<!--{assign var=image value=$arrTemplate.image[$code]}-->
88	<!--{if $image != ""}-->
89	<td bgcolor="#ffffff" align="center"><!--{$arrTemplate[template]}-->
90	<span class="fs12">¡Ú<!--{$code}-->¡Û</span><br/>
91	<label for="radio<!--{$key}-->"><img src="<!--{$smarty.const.URL_DIR}--><!--{$image}-->" width="160" height="200" name="<!--{$key}-->" alt="<!--{$code}-->></label><br>
92	<span class="fs10n"><label for="radio<!--{$key}-->"><input type="radio" name="check_template" value="<!--{$code}-->" id="radio<!--{$key}-->" onClick="ChangeImage('<!--{$smarty.const.URL_DIR}--><!--{$image}-->');" <!--{if $arrTemplate.check[$code] != ""}-->checked<!--{/if}-->>ÁªÂò</label></span>
93	</td>
94	<!--{/if}-->
95	<!--{assign var=cnt value=$smarty.section.template.iteration-1}-->
96	<!--{assign var=key value=$cnt*$smarty.section.template.step+2}-->
97	<!--{assign var=code value=$arrTemplate.code[$key]}-->
98	<!--{assign var=image value=$arrTemplate.image[$code]}-->
99	<!--{if $image != ""}-->
100	<td bgcolor="#ffffff" align="center"><!--{$arrTemplate[template]}-->
101	<span class="fs12">¡Ú<!--{$code}-->¡Û</span><br/>
102	<label for="radio<!--{$key}-->"><img src="<!--{$smarty.const.URL_DIR}--><!--{$image}-->" width="160" height="200" name="<!--{$key}-->" alt="<!--{$code}-->></label><br>
103	<span class="fs10n"><label for="radio<!--{$key}-->"><input type="radio" name="check_template" value="<!--{$code}-->" id="radio<!--{$key}-->" onClick="ChangeImage('<!--{$smarty.const.URL_DIR}--><!--{$image}-->');" <!--{if $arrTemplate.check[$code] != ""}-->checked<!--{/if}-->>ÁªÂò</label></span>
104	</td>
105	<!--{/if}-->
106
107	</tr>
108	<!--{/section}-->
109	</table>
110
111	<table width="678" border="0" cellspacing="0" cellpadding="0" summary=" ">
112	<tr>
113	<td bgcolor="#cccccc"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="1" height="5" alt=""></td>
114	<td><img src="<!--{$smarty.const.URL_DIR}-->img/contents/tbl_top.gif" width="676" height="7" alt=""></td>
115	<td bgcolor="#cccccc"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="1" height="5" alt=""></td>
116	</tr>
117	<tr>
118	<td bgcolor="#cccccc"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="1" height="10" alt=""></td>
119	<td bgcolor="#e9e7de" align="center">
120	<table border="0" cellspacing="0" cellpadding="0" summary=" ">
121	<tr>
122	<td>
123	<a href="javascript:fnModeSubmit('download', '', '');"><img onMouseover="chgImgImageSubmit('<!--{$smarty.const.URL_DIR}-->img/contents/btn_download_on.jpg',this)" onMouseout="chgImgImageSubmit('<!--{$smarty.const.URL_DIR}-->img/contents/btn_download.jpg',this)" src="<!--{$smarty.const.URL_DIR}-->img/contents/btn_download.jpg" width="123" height="24" alt="¥À¥¦¥ó¥í¡¼¥É" border="0" name="subm"></a>
124	<input type="image" onMouseover="chgImgImageSubmit('<!--{$smarty.const.URL_DIR}-->img/contents/btn_regist_on.jpg',this)" onMouseout="chgImgImageSubmit('<!--{$smarty.const.URL_DIR}-->img/contents/btn_regist.jpg',this)" src="<!--{$smarty.const.URL_DIR}-->img/contents/btn_regist.jpg" width="123" height="24" alt="¤³¤ÎÆâÍÆ¤ÇÅÐÏ¿¤¹¤ë" border="0" name="subm">
125	</td>
126	</tr>
127	</table>
128	</td>
129	<td bgcolor="#cccccc"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="1" height="10" alt=""></td>
130	</tr>
131	<tr>
132	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/tbl_bottom.gif" width="678" height="8" alt=""></td>
133	</tr>
134	</table>
135	</td>
136	<td background="<!--{$smarty.const.URL_DIR}-->img/contents/main_right.jpg"><img src="<!--{$smarty.const.URL_DIR}-->img/common/_.gif" width="14" height="1" alt=""></td>
137	</tr>
138	<tr>
139	<td colspan="3"><img src="<!--{$smarty.const.URL_DIR}-->img/contents/main_bottom.jpg" width="706" height="14" alt=""></td>
140	</tr>
141	<tr><td height="30"></td></tr>
142	</table>
143	</td>
144	</tr>
145	<!--¥á¥¤¥ó¥¨¥ê¥¢-->
146	</table>
147	<!--¢¥ÅÐÏ¿¥Æ¡¼¥Ö¥ë¤³¤³¤Þ¤Ç-->
148	</td>
149	</tr>
150	</form>
151	</table>
152	<!--¡ú¡ú¥á¥¤¥ó¥³¥ó¥Æ¥ó¥Ä¡ú¡ú-->
153
154	<script type="text/javascript">
155	function ChangeImage(strUrl)
156	{
157	document.main_img.src=strUrl;
158	}
159
160	// ¥â¡¼¥É¤È¥¡¼¤ò»ØÄê¤·¤ÆSUBMIT¤ò¹Ô¤¦¡£
161	function lfnModeSubmit(mode) {
162	if(!window.confirm('ÅÐÏ¿¤·¤Æ¤âµ¹¤·¤¤¤Ç¤¹¤«?')){
163	return false;
164	}
165	document.form1['mode'].value = mode;
166	return true;
167	}
168
169
170	</script>

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: branches/rel/data/Smarty/templates/admin/design/template.tpl @ 15035

Download in other formats: