Changeset 16816


Timestamp:
2007/11/28 00:58:19 (16 years ago)
Author:
adachi
Message:

XSS修正

File:
1 edited

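--- a/branches/beta/html/input_zip.php
+++ b/branches/beta/html/input_zip.php
@@ -56,4 +56,5 @@
 // ͹ÊØÈֹ椬ȯ¸«¤µ¤ì¤¿¾ì¹ç
 if(count($data_list) > 0) {
+    lfCheckInput();
     $func = "fnPutAddress('" . $_GET['input1'] . "','" . $_GET['input2']. "');";
     $objPage->tpl_onload = "$func";
@@ -70,12 +71,30 @@
 function fnErrorCheck() {
     // ¥¨¥é¡¼¥á¥Ã¥»¡¼¥¸ÇÛÎó¤Î½é´ü²½
-    $objErr = new SC_CheckError();
-    
+    $objErr = new SC_CheckError($_GET);
+
     // ͹ÊØÈÖ¹æ
-    $objErr->doFunc( array("͹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_COUNT_CHECK" ) );
-    $objErr->doFunc( array("͹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_COUNT_CHECK" ) );
-    
+    $objErr->doFunc( array("͹ÊØÈÖ¹æ1",'zip1',ZIP01_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+    $objErr->doFunc( array("͹ÊØÈÖ¹æ2",'zip2',ZIP02_LEN ) ,array( "NUM_CHECK", "NUM_COUNT_CHECK" ) );
+
     return $objErr->arrErr;
 }
 
+/**
+ * input1,2¤ÎÆþÎÏ¥Á¥§¥Ã¥¯
+ * ±Ñ¿ô»ú¥¢¥ó¥À¡¼¥Ð¡¼°Ê³°¤¬ÆþÎϤµ¤ì¤¿¾ì¹ç¡¢
+ * ÉÔÀµ¤Ê¥¢¥¯¥»¥¹¤È¤ß¤Ê¤·¥¨¥é¡¼²èÌ̤ØÁ«°Ü
+ * @param void
+ * @return void
+ */
+function lfCheckInput(){
+    $pattern = "/^[0-9a-z_]+$/";
+    foreach (array('input1', 'input2') as $key_name) {
+        $ret = preg_match_all($pattern, $_GET[$key_name], $matches);
+        if (!$ret) {
+            $msg = sprintf('invalid param: $_GET[%s]="%s"', $key_name, $_GET[$key_name]);
+            gfPrintLog($msg);
+            sfDispSiteError('');
+        }
+    }
+}
 ?>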
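Review bot: The whitelist in `lfCheckInput()` anchors with `$`, which in PCRE also matches just before a trailing newline, so a value ending in a line feed passes the check and is still concatenated into the `fnPutAddress('…')` string assigned to `tpl_onload`. Use an absolute end anchor and a single-match call, e.g. `$ret = preg_match('/^[0-9a-z_]+\z/', $_GET[$key_name]);`. The rejected value is also written verbatim to the log through `gfPrintLog($msg)`, so control characters should be stripped or encoded before logging to keep log lines unforgeable. The guard only protects the `$func` line if `sfDispSiteError('')` stops execution; its body is not visible on this page, so confirm it exits, otherwise the unvalidated value still reaches the onload handler.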