Index: branches/dev/html/admin/system/resize_image.php
===================================================================
--- branches/dev/html/admin/system/resize_image.php	(revision 15045)
+++ branches/dev/html/admin/system/resize_image.php	(revision 15045)
@@ -0,0 +1,37 @@
+<?php
+
+require_once("../../require.php");
+
+$file = NO_IMAGE_DIR;
+
+// NO_IMAGE_DIR°Ê³°¤Î¥Õ¥¡¥¤¥ëÌ¾¤¬ÅÏ¤µ¤ì¤¿¾ì¹ç¡¢¥Õ¥¡¥¤¥ëÌ¾¤Î¥Á¥§¥Ã¥¯¤ò¹Ô¤¦
+if ( isset($_GET['image']) && $_GET['image'] !== NO_IMAGE_DIR) {
+    
+    // ¥Õ¥¡¥¤¥ëÌ¾¤¬Àµ¤·¤¤¾ì¹ç¤À¤±¡¢$file¤òÀßÄê
+    if ( lfCheckFileName() === true ) {
+        $file = MODULE_PATH . $_GET['image'];
+    } else {
+        gfPrintLog('invalid access :resize_image.php $_GET["image"]=' . $_GET['image']);
+    }
+}
+
+$objThumb = new gdthumb();
+
+if(file_exists($file)){
+    $objThumb->Main($file, $_GET["width"], $_GET["height"], "", true);
+}else{
+    $objThumb->Main(NO_IMAGE_DIR, $_GET["width"], $_GET["height"], "", true);
+}
+
+// ¥Õ¥¡¥¤¥ëÌ¾¤Î·Á¼°¤ò¥Á¥§¥Ã¥¯
+function lfCheckFileName() {
+    $pattern = '|^mdl_icons/icon_[a-zA-Z0-9_]+?\.[a-z]{3}$|';
+    $file    = trim($_GET["image"]);
+    if ( preg_match($pattern, $file) ) {
+        return true;
+    } else {
+        return false;
+    }
+}
+
+?>
