Context Navigation

← Previous Change
Next Change →

Changeset 15314 for branches/rel

Timestamp:

2007/08/20 17:49:32 (16 years ago)

Author:

adachi

Message:

ログインできない問題の修正

File:

: 1 edited

branches/rel/html/frontparts/login_check.php (modified) (4 diffs)

Legend:

: Unmodified
: Added
: Removed

branches/rel/html/frontparts/login_check.php

-                      r15071
+                      r15314
         $objCookie->setCookie('login_email', '');
+    }
     if(count($arrErr) == 0) {
         if($objCustomer->getCustomerDataFromEmailPass($arrForm['login_pass'], $arrForm['login_email'])) {
 …
             $where = "email ILIKE ? AND status = 1 AND del_flg = 0";
             $ret = $objQuery->count("dtb_customer", $where, array($arrForm['login_email']));
             if($ret > 0) {
                 sfDispSiteError(TEMP_LOGIN_ERROR);
 …
         header("Location: /mypage/login.php");
     }else{
         header("Location: " . $_POST['url']);
+        header("Location: " . $_POST['url']);
+    }
     exit;
 …
 /* POST¤µ¤ì¤ëURL¤Î¥Á¥§¥Ã¥¯*/
 function lfIsValidURL() {
     $site_url  = sfIsHTTPS() ? SSL_URL : SITE_URL;
     $check_url = trim($_POST['url']);
+    $arrValidUrl = array(SSL_URL, SITE_URL, '/');
+    $targetUrl   = $_POST['url'];
+    // ¥í¡¼¥«¥ë¥É¥á¥¤¥ó¥Á¥§¥Ã¥¯
+    if (!preg_match("|^$site_url|", $check_url) && !preg_match("|^/|", $check_url)) {
+    // $arrValidUrl¤Ë¥Þ¥Ã¥Á¤·¤Ê¤¤¾ì¹ç¤ÏÉÔÀµ¤ÊURL
+    $match = false;
+    foreach ($arrValidUrl as $validUrl) {
+        $pattern = sprintf('/^%s/' , preg_quote($validUrl, '/'));
+        gfPrintLog($pattern . ':' . $targetUrl);
+        if ( preg_match($pattern, $targetUrl) ) {
+            $match = true;
+            break;
+        }
+    }
+    if (!$match) return false;
+    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¤ò´Þ¤à¾ì¹ç¤ÏÉÔÀµ¤ÊURL
+    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
+    if (preg_match_all($pattern, $targetUrl, $matches)) {
         return false;
+    }
+    // ²þ¹Ô¥³¡¼¥É(CR¡¦LF)¡¦NULL¥Ð¥¤¥È¥Á¥§¥Ã¥¯
+    $pattern = '/\r|\n|\0|%0D|%0A|%00/';
+    if (preg_match_all($pattern, $check_url, $matches) > 0) {
+        return false;
+    }
     return true;
+}

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 15314 for branches/rel

Legend:

branches/rel/html/frontparts/login_check.php

Download in other formats: