Changeset 16077 for branches/comu-utf8/html
- Timestamp:
- 2007/09/27 12:33:29 (19 years ago)
- Location:
- branches/comu-utf8/html
- Files:
-
- 8 edited
-
admin/products/upload_csv.php (modified) (1 diff)
-
frontparts/login_check.php (modified) (2 diffs)
-
input_zip.php (modified) (2 diffs)
-
install/user_data/include/bloc/cart.tpl (modified) (1 diff)
-
install/user_data/templates/default1/include/bloc/cart.tpl (modified) (1 diff)
-
install/user_data/templates/default1/templates/detail.tpl (modified) (2 diffs)
-
mobile/entry/index.php (modified) (2 diffs)
-
mobile/shopping/complete.php (modified) (1 diff)
branches/comu-utf8/html/admin/products/upload_csv.php
r15099 r16077 114 114 echo "<font color=\"red\">■" . $line . "行目でエラーが発生しました。</font></br>\n"; 115 115 foreach($arrCSVErr as $val) { 116 echo "<font color=\"red\"> $val</font></br>\n";116 echo "<font color=\"red\">" . htmlspecialchars($val, ENT_QUOTES) . "</font></br>\n"; 117 117 } 118 118 $err = true; -
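Review bot: The added `htmlspecialchars($val, ENT_QUOTES)` on new line 116 relies on PHP's default charset, which differs between PHP versions. Since this branch is named comu-utf8, the encoding should presumably be passed explicitly, e.g. `htmlspecialchars($val, ENT_QUOTES, 'UTF-8')` or the project's own charset constant if it has one. The line above still concatenates `$line` into the markup unescaped, which is harmless only if it is always an integer row counter; that cannot be confirmed from this hunk. The enclosing loop starts and ends outside the hunk.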
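--- a/branches/comu-utf8/html/frontparts/login_check.php
+++ b/branches/comu-utf8/html/frontparts/login_check.php
@@ -59,7 +59,6 @@
 // ログイン情報の解放
 $objCustomer->EndSession();
-$mypage_url_search = strpos('.'.$_POST['url'], "mypage");
 //マイページログイン中はログイン画面へ移行
-if ( $mypage_url_search == 2){
+if ( preg_match('/mypage/', $_POST['url']) ){
 header("Location: /mypage/login.php");
 }else{
@@ -81,16 +80,22 @@
 /* POSTされるURLのチェック*/
 function lfIsValidURL() {
-$ site_url = sfIsHTTPS() ? SSL_URL : SITE_URL;
-$ check_url = trim($_POST['url']);
+$arrValidUrl = array(SSL_URL, SITE_URL, '/');
+$targetUrl = $_POST['url'];
 
-// ドメインチェック
-$pattern = "|^$site_url|";
-if (!preg_match($pattern, $check_url)) {
-return false;
+// $arrValidUrlにマッチしない場合は不正なURL
+$match = false;
+foreach ($arrValidUrl as $validUrl) {
+$pattern = sprintf('/^%s/' , preg_quote($validUrl, '/'));
+gfPrintLog($pattern . ':' . $targetUrl);
+if ( preg_match($pattern, $targetUrl) ) {
+$match = true;
+break;
+}
 }
+if (!$match) return false;
 
-// 改行コード(CR・LF)・NULLバイト チェック
+// 改行コード(CR・LF)・NULLバイトを含む場合は不正なURL
 $pattern = '/\r|\n|\0|%0D|%0A|%00/';
-if (preg_match_all($pattern, $ check_url, $matches)) {
+if (preg_match_all($pattern, $targetUrl, $matches)) {
 return false;
 }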
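Review bot: In `lfIsValidURL()` (new lines 82–95) the allow-list entry `'/'` is matched only as a prefix, so a protocol-relative value beginning with `//` passes even though a browser resolves it to another host; the same prefix match would accept `SITE_URL` followed by extra host characters if that constant has no trailing slash (its value is not visible here). Rejecting a second slash or backslash before the loop closes the first gap: `if (preg_match('|^/[/\\\\]|', $targetUrl)) return false;`. The `gfPrintLog($pattern . ':' . $targetUrl);` call on new line 89 writes the raw POST value to the log before the CR/LF check runs and looks like leftover debugging; it should be dropped or moved after the control-character check. In the first hunk, `preg_match('/mypage/', $_POST['url'])` matches the string anywhere in the value, not just in the path. The tail of the function lies outside the hunk.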
branches/comu-utf8/html/input_zip.php
r15099 r16077 56 56 // 郵便番号が発見された場合 57 57 if(count($data_list) > 0) { 58 lfCheckInput(); 58 59 $func = "fnPutAddress('" . $_GET['input1'] . "','" . $_GET['input2']. "');"; 59 60 $objPage->tpl_onload = "$func"; … … 70 71 function fnErrorCheck() { 71 72 // エラーメッセージ配列の初期化 72 $objErr = new SC_CheckError( );73 $objErr = new SC_CheckError($_GET); 73 74 74 75 // 郵便番号 75 $objErr->doFunc( array("郵便番号1",'zip1',ZIP01_LEN ) ,array( "NUM_C OUNT_CHECK" ) );76 $objErr->doFunc( array("郵便番号2",'zip2',ZIP02_LEN ) ,array( "NUM_C OUNT_CHECK" ) );76 $objErr->doFunc( array("郵便番号1",'zip1',ZIP01_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) ); 77 $objErr->doFunc( array("郵便番号2",'zip2',ZIP02_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) ); 77 78 78 79 return $objErr->arrErr; 79 80 } 80 81 82 /** 83 * input1,2の入力チェック 84 * 英数字アンダーバー以外が入力された場合、 85 * 不正なアクセスとみなしエラー画面へ遷移 86 * @param void 87 * @return void 88 */ 89 function lfCheckInput(){ 90 $pattern = "/^[0-9a-z_]+$/"; 91 foreach (array('input1', 'input2') as $key_name) { 92 $ret = preg_match_all($pattern, $_GET[$key_name], $matches); 93 if (!$ret) { 94 $msg = sprintf('invalid param: $_GET[%s]="%s"', $key_name, $_GET[$key_name]); 95 gfPrintLog($msg); 96 sfDispSiteError(''); 97 } 98 } 99 } 81 100 ?> -
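Review bot: The pattern in `lfCheckInput()` (new line 90) ends with `$`, which in PCRE also matches before a trailing newline, so an `input1`/`input2` value ending in a line feed passes and is then concatenated into the `fnPutAddress('…')` script string on new line 59; anchoring with `\z` avoids that: `$pattern = '/\A[0-9a-z_]+\z/';`. The function reads `$_GET[$key_name]` without checking that it is set and is a string. The loop also continues after `sfDispSiteError('')`, so if that helper does not end the request (not visible here), execution falls through to the `$func` assignment. The rejected value is written verbatim by `gfPrintLog($msg)`, so control characters in it should be stripped or encoded before logging.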
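--- a/branches/comu-utf8/html/install/user_data/include/bloc/cart.tpl
+++ b/branches/comu-utf8/html/install/user_data/include/bloc/cart.tpl
@@ -21,5 +21,4 @@
 <td class="fs12"><span class="redst">合計:<!--{$arrCartList.0.ProductsTotal|number_format|default:0}-->円</span></td>
 </tr>
-<tr><td height="5"><!--{$arrCartList.0.free_rule}--></td></tr>
 
 <!-- カゴの中に商品がある場合にのみ表示 -->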
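--- a/branches/comu-utf8/html/install/user_data/templates/default1/include/bloc/cart.tpl
+++ b/branches/comu-utf8/html/install/user_data/templates/default1/include/bloc/cart.tpl
@@ -21,5 +21,4 @@
 <td class="fs12"><span class="redst">合計:<!--{$arrCartList.0.ProductsTotal|number_format|default:0}-->円</span></td>
 </tr>
-<tr><td height="5"></td></tr>
 
 <!-- カゴの中に商品がある場合にのみ表示 -->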
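--- a/branches/comu-utf8/html/install/user_data/templates/default1/templates/detail.tpl
+++ b/branches/comu-utf8/html/install/user_data/templates/default1/templates/detail.tpl
@@ -316,4 +316,41 @@
 <!--お客様の声ここまで-->
 
+<!--{if $arrTrackbackView == "ON"}-->
+<!--▼トラックバックここから-->
+<table width="580" border="0" cellspacing="0" cellpadding="0" summary=" ">
+<tr>
+<td><img src="<!--{$smarty.const.URL_DIR}-->img/products/title_tb.jpg" width="580" height="30" alt="この商品に対するトラックバック"></td>
+</tr>
+<tr><td height="10"></td></tr>
+<tr>
+<td class="fs12"><strong>この商品のトラックバック先URL</strong></td>
+</tr>
+<tr><td height="5"></td></tr>
+<tr>
+<td class="fs12"><input type="text" name="trackback" value="<!--{$trackback_url}-->" size="100"></td>
+</tr>
+<!--{if $arrTrackback}-->
+<tr><td height="5"></td></tr>
+<!--{section name=cnt loop=$arrTrackback}-->
+<tr>
+<td class="fs12"><strong><!--{$arrTrackback[cnt].create_date|sfDispDBDate:false}--> <a href="<!--{$arrTrackback[cnt].url}-->" target="_blank"><!--{$arrTrackback[cnt].title|escape}--></a> from <!--{$arrTrackback[cnt].blog_name|escape}--></strong></td>
+</tr>
+<tr><td height="5"></td></tr>
+<tr>
+<td class="fs12"><!--{$arrTrackback[cnt].excerpt|escape|mb_strimwidth:0:200:"..."}--></td>
+</tr>
+
+<!--{if !$smarty.section.cnt.last}-->
+<tr><td height="20"><img src="<!--{$smarty.const.URL_DIR}-->img/common/line_580.gif" width="580" height="1" alt=""></td></tr>
+<!--{/if}-->
+
+<!--{/section}-->
+<!--{/if}-->
+
+<tr><td height="30"></td></tr>
+</table>
+<!--▲トラックバックここまで-->
+<!--{/if}-->
+
 <!--{if $arrRecommend}-->
 <!--▼オススメ商品ここから-->
@@ -345,5 +382,6 @@
 <!--{assign var=image_path value="`$smarty.const.NO_IMAGE_DIR`"}-->
 <!--{/if}-->
-<img src="<!--{$smarty.const.SITE_URL}-->resize_image.php?image=<!--{$image_path|sfRmDupSlash}-->&width=65&height=65" alt="<!--{$arrRecommend[cnt].name|escape}-->"></a></td>
+<img src="<!--{$smarty.const.SITE_URL}-->resize_image.php?image=<!--{$image_path|sfRmDupSlash}-->&width=65&height=65" alt="<!--{$arrRecommend[cnt].name|escape}-->"></a>
+</td>
 <td align="right">
 <table width="145" border="0" cellspacing="0" cellpadding="0" summary=" ">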
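Review bot: In the added trackback block, `<!--{$arrTrackback[cnt].url}-->` (new line 336) and `<!--{$trackback_url}-->` (new line 330) are written into attribute values without `|escape`, while title, blog_name and excerpt on the neighbouring lines are escaped. Trackback fields are presumably supplied by the remote site, so the link should be escaped like the others: `href="<!--{$arrTrackback[cnt].url|escape}-->"`. Escaping does not constrain the URL scheme, so the stored value should also be limited to http/https where the trackback is accepted; that code is not part of this section.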
branches/comu-utf8/html/mobile/entry/index.php
r15099 r16077 143 143 $checkVal = array("sex", "year", "month", "day", "zip01", "zip02"); 144 144 } else { 145 $checkVal = array("pref", "addr01", "addr02", "tel01", "tel02", "tel03", "mail _flag");145 $checkVal = array("pref", "addr01", "addr02", "tel01", "tel02", "tel03", "mailmaga_flg"); 146 146 } 147 147 … … 174 174 175 175 //メール受け取り 176 if (strtolower($objPage->arrForm['mail _flag']) == "on") {177 $objPage->arrForm['mail _flag'] = "2";176 if (strtolower($objPage->arrForm['mailmaga_flg']) == "on") { 177 $objPage->arrForm['mailmaga_flg'] = "2"; 178 178 } else { 179 $objPage->arrForm['mail _flag'] = "3";179 $objPage->arrForm['mailmaga_flg'] = "3"; 180 180 } 181 181 -
branches/comu-utf8/html/mobile/shopping/complete.php
r15099 r16077 45 45 // ユーザユニークIDの取得と購入状態の正当性をチェック 46 46 $uniqid = sfCheckNormalAccess($objSiteSess, $objCartSess); 47 47 48 if ($uniqid != "") { 48 49
