Changeset 15037 for branches/rel

Timestamp:

2007/07/11 12:53:23 (16 years ago)

Author:

adati

Message:

不正アクセス時にログをとるように修正

Location:

branches/rel/html

Files:

• frontparts/login_check.php (modified) (1 diff)
• resize_image.php (modified) (3 diffs)

branches/rel/html/frontparts/login_check.php

@@ -9 +9 @@
 // ÉÔÀµ¤ÊURL¤¬POST¤µ¤ì¤¿¾ì¹ç¤Ï¥¨¥é¡¼É½¼¨
 if (isset($_POST['url']) && lfIsValidURL() !== true) {
-    gfDebugLog("login_check.php debug \n" . $POST['url']);
+    gfPrintLog('invalid access :login_check.php $POST["url"]=' . $POST['url']);
     sfDispSiteError(PAGE_ERROR);
 }

branches/rel/html/resize_image.php

@@ -5 +5 @@
 
 require_once($include_dir . HTML2DATA_DIR. "lib/gdthumb.php");
+require_once($include_dir . HTML2DATA_DIR. "lib/glib.php");
 require_once($include_dir . HTML2DATA_DIR. "conf/conf.php");
 
@@ -14 +15 @@
 if ( isset($_GET['image']) && $_GET['image'] !== NO_IMAGE_DIR) {
     
-    //ÉÔÀµ¤Ê¥Õ¥¡¥¤¥ë̾¤¬ÅϤµ¤ì¤¿¾ì¹ç¤Ï½ªÎ»¤µ¤»¤ë
-    if ( lfCheckFileName() !== true ) {
-        exit();
+    // ¥Õ¥¡¥¤¥ë̾¤¬Àµ¤·¤¤¾ì¹ç¤À¤±¡¢$file¤òÀßÄê
+    if ( lfCheckFileName() === true ) {
+        $file = IMAGE_SAVE_DIR . $_GET['image'];
+    } else {
+        gfPrintLog('invalid access :resize_image.php $_GET["image"]=' . $_GET['image']);
     }
-    
-    $file = IMAGE_SAVE_DIR . $_GET['image'];
 }
 
@@ -31 +32 @@
 function lfCheckFileName() {
     //$pattern = '|^[0-9]+_[0-9a-z]+\.[a-z]{3}$|';
-    $pattern = '|\.\./|';
+    $pattern = '|\./|';
     $file    = trim($_GET["image"]);
     if ( preg_match_all($pattern, $file, $matches) ) {