Changeset 17383


Timestamp:
2008/06/30 12:35:41 (13 years ago)
Author:
satou
Message:

#314 商品レビュー投稿フォームの脆弱性対策を施しました。

Location:
branches/version-2/data
Files:
2 edited

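--- a/branches/version-2/data/Smarty/templates/default/products/review.tpl
+++ b/branches/version-2/data/Smarty/templates/default/products/review.tpl
@@ -44,5 +44,5 @@
           <tr>
             <th>ホームページアドレス</th>
-            <td><span class="attention"><!--{$arrErr.reviewer_url}--></span><input type="text" name="reviewer_url" value="<!--{$arrForm.reviewer_url}-->" maxlength="<!--{$smarty.const.MTEXT_LEN}-->" style="<!--{$arrErr.reviewer_url|sfGetErrorColor}-->" size="40" class="box350" /></td>
+            <td><span class="attention"><!--{$arrErr.reviewer_url}--></span><input type="text" name="reviewer_url" value="<!--{$arrForm.reviewer_url|escape}-->" maxlength="<!--{$smarty.const.MTEXT_LEN}-->" style="<!--{$arrErr.reviewer_url|sfGetErrorColor}-->" size="40" class="box350" /></td>
           </tr>
           <tr>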
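Review bot: The `|escape` is added only to the `value` attribute of `reviewer_url` on new line 46, and this changeset edits no other template, so any other view that prints the submitted or stored URL (a confirmation step or an admin listing, if they exist) is not covered by this fix and should be checked in the same pass. Smarty's default `escape` mode is HTML entity encoding with quotes included, which is the right encoding for this double-quoted attribute. I would leave a marker for the next editor above the row, for example `<!--{* user input: keep |escape on every output of reviewer_url *}-->`. The rest of the form lies outside the hunk, so the other `$arrForm.*` outputs could not be reviewed here.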
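--- a/branches/version-2/data/class/pages/products/LC_Page_Products_Review.php
+++ b/branches/version-2/data/class/pages/products/LC_Page_Products_Review.php
@@ -187,5 +187,5 @@
         $objErr->doFunc(array("商品ID", "product_id", INT_LEN), array("EXIST_CHECK", "MAX_LENGTH_CHECK"));
         $objErr->doFunc(array("投稿者名", "reviewer_name", STEXT_LEN), array("EXIST_CHECK", "SPTAB_CHECK", "MAX_LENGTH_CHECK"));
-        $objErr->doFunc(array("URL", "reviewer_url", MTEXT_LEN), array("MAX_LENGTH_CHECK", "URL_CHECK"));
+        $objErr->doFunc(array("URL", "reviewer_url", MTEXT_LEN), array("NO_SPTAB", "SPTAB_CHECK", "MAX_LENGTH_CHECK", "URL_CHECK"));
         $objErr->doFunc(array("おすすめレベル", "recommend_level"), array("SELECT_CHECK"));
         $objErr->doFunc(array("タイトル", "title", STEXT_LEN), array("EXIST_CHECK", "SPTAB_CHECK", "MAX_LENGTH_CHECK"));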
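Review bot: The two checks added on new line 189 only constrain whitespace, so whether `reviewer_url` can carry a scheme other than http/https still depends entirely on `URL_CHECK`, whose implementation is not visible in this hunk; HTML-escaping the value in the template does not make a non-http scheme safe if the URL is ever rendered as a link. That is worth confirming and recording next to the call, e.g. `// URL_CHECK must accept only http:// and https:// URLs; reviewer_url is echoed back into HTML`. Separately, if `NO_SPTAB` rejects any space or tab, `SPTAB_CHECK` (whitespace-only input) looks redundant on this field, which has no `EXIST_CHECK`, and the list could be `array("NO_SPTAB", "MAX_LENGTH_CHECK", "URL_CHECK")`. The enclosing method starts and ends outside the hunk.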