Index: branches/version-2_5-dev/data/class/SC_SelectSql.php
===================================================================
--- branches/version-2_5-dev/data/class/SC_SelectSql.php	(revision 18701)
+++ branches/version-2_5-dev/data/class/SC_SelectSql.php	(revision 18792)
@@ -59,6 +59,5 @@
         // 検索用
     function addSearchStr($val) {
-        $return = SC_Utils_Ex::sfManualEscape($val);
-        $return = "%" .$return. "%";
+        $return = "%" .$val. "%";
         return $return;
     }
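Review bot: `%` and `_` typed into the search value now act as LIKE wildcards, because the removed `sfManualEscape()` call was also what backslash-escaped them and `addSearchStr()` now only wraps the raw value. Binding through a placeholder covers quoting but not pattern metacharacters, so a submitted `%` or `_` widens the match and can force broad scans. Consider `$return = "%" . addcslashes($val, '\\%_') . "%";`, assuming backslash is the LIKE escape character on the target databases; otherwise add an explicit `ESCAPE` clause to the queries. The same applies to the `"%$val%"` values bound to `name ILIKE ? OR comment3 ILIKE ?` in LC_Page_Products_List.php.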
Index: branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php	(revision 18788)
+++ branches/version-2_5-dev/data/class/pages/admin/mail/LC_Page_Admin_Mail.php	(revision 18792)
@@ -229,5 +229,5 @@
             if (empty($this->arrErr)) {
                 $this->list_data['name'] = isset($this->list_data['name'])
-                    ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                    ? $this->list_data['name'] : "";
                 // hidden要素作成
                 $this->arrHidden = $this->lfGetHidden($this->list_data);
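Review bot: `$this->list_data['name']` now reaches `lfGetHidden()` and the later search exactly as submitted, so its quoting depends entirely on code outside this hunk. Dropping the SQL escape is right for a value that is echoed back into hidden form fields. It is still worth confirming that the query built from `list_data` binds `name` through a placeholder and that the template HTML-escapes the hidden value. The same applies to the hunks at lines 300 and 352 of this file. Once confirmed, a comment such as `// raw request value: bound via placeholder in the query, HTML-escaped on output` would record the assumption.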
@@ -300,5 +300,5 @@
             // 検索開始
             if (empty($this->arrErr)) {
-                $this->list_data['name'] = isset($this->list_data['name']) ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                $this->list_data['name'] = isset($this->list_data['name']) ? $this->list_data['name'] : "";
                 $this->arrHidden = $this->lfGetHidden($this->list_data); // hidden要素作成
 
@@ -352,5 +352,5 @@
                 $this->list_data['name'] =
                     isset($this->list_data['name'])
-                    ? SC_Utils_Ex::sfManualEscape($this->list_data['name']) : "";
+                    ? $this->list_data['name'] : "";
 
                 if ( $_POST['mode'] == 'regist_confirm'){
@@ -410,9 +410,7 @@
             $from = "dtb_order LEFT JOIN dtb_order_detail USING(order_id)";
             $where = "product_code LIKE ? AND del_flg = 0";
-            $val = SC_Utils_Ex::sfManualEscape($keyword);
-            $arrVal[] = "%$val%";
             $objQuery = new SC_Query();
             $objQuery->setGroupBy("customer_id, order_id");
-            $arrRet = $objQuery->select($col, $from, $where, $arrVal);
+            $arrRet = $objQuery->select($col, $from, $where, array($keyword));
             $arrCustomerOrderId = SC_Utils_Ex::sfArrKeyValues($arrRet, "customer_id", "order_id");
         }
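Review bot: The `%` wildcards around the keyword were dropped together with the escape, so `product_code LIKE ?` is now bound to the bare `$keyword`. It therefore behaves as an exact match unless the caller already wraps the value, which the hunk does not show. If substring search is still intended, pass `array("%" . $keyword . "%")` to `select()`. Any `%` or `_` inside `$keyword` is also no longer escaped and will act as a wildcard. The enclosing function starts outside the hunk.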
Index: branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php	(revision 18789)
+++ branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products.php	(revision 18792)
@@ -159,5 +159,4 @@
                 $arrval = array();
                 foreach ($this->arrForm as $key => $val) {
-                    $val = SC_Utils_Ex::sfManualEscape($val);
 
                     if($val == "") {
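Review bot: With the per-value escape removed from this loop, every branch that follows has to bind `$val` through `$arrval` instead of concatenating it into `$where`, and those branches are not visible in the hunk. The same removal is made in the `foreach ($_POST as $key => $val)` loops of LC_Page_Admin_Products_Review.php and LC_Page_Admin_Products_Trackback.php, and in LC_Page_Admin_Order.php. Those loop bodies also lie outside their hunks and need the same check. A comment at the top of the loop, e.g. `// $val is raw request data: bind it via $arrval, never concatenate it into $where`, would make the contract explicit.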
@@ -200,4 +199,5 @@
                             break;
                         case 'search_startyear': // 登録更新日（FROM）
+                            // FIXME POST の値をチェックする
                             $date = SC_Utils_Ex::sfGetTimestamp($_POST['search_startyear'], $_POST['search_startmonth'], $_POST['search_startday']);
                             $where.= " AND update_date >= '" . $_POST['search_startyear'] . "/" . $_POST['search_startmonth']. "/" .$_POST['search_startday'] . "'";
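Review bot: The `search_startyear` branch still concatenates `$_POST['search_startyear']`, `$_POST['search_startmonth']` and `$_POST['search_startday']` directly into `$where`, and the added FIXME only records the problem; no quoting or validation of these request values is visible here. `$date` is computed on the line above but not used in the visible condition, so it could be bound instead: `$where .= " AND update_date >= ?";` followed by `$arrval[] = $date;`. That assumes `sfGetTimestamp()` returns a value the database accepts as a timestamp and copes with empty or non-numeric parts, which should be confirmed. The case body continues outside the hunk, and any matching end-date branch probably needs the same change.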
Index: branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php	(revision 18701)
+++ branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Review.php	(revision 18792)
@@ -128,6 +128,4 @@
             if (!$this->arrErr){
                 foreach ($_POST as $key => $val){
-
-                    $val = SC_Utils_Ex::sfManualEscape($val);
 
                     if($val == "") {
Index: branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php	(revision 18701)
+++ branches/version-2_5-dev/data/class/pages/admin/products/LC_Page_Admin_Products_Trackback.php	(revision 18792)
@@ -117,6 +117,4 @@
                 foreach ($_POST as $key => $val) {
 
-                    $val = SC_Utils_Ex::sfManualEscape($val);
-
                     if ($val == "") {
                         continue;
Index: branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php	(revision 18789)
+++ branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order.php	(revision 18792)
@@ -137,5 +137,4 @@
                             continue;
                         }
-                        $val = SC_Utils_Ex::sfManualEscape($val);
 
                         $dbFactory = SC_DB_DBFactory::getInstance();
Index: branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php	(revision 18773)
+++ branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_List.php	(revision 18792)
@@ -346,7 +346,6 @@
             if ( strlen($val) > 0 ) {
                 $where .= " AND ( name ILIKE ? OR comment3 ILIKE ?) ";
-                $ret = SC_Utils_Ex::sfManualEscape($val);
-                $arrval[] = "%$ret%";
-                $arrval[] = "%$ret%";
+                $arrval[] = "%$val%";
+                $arrval[] = "%$val%";
             }
         }
Index: branches/version-2_5-dev/data/class/SC_CustomerList.php
===================================================================
--- branches/version-2_5-dev/data/class/SC_CustomerList.php	(revision 18789)
+++ branches/version-2_5-dev/data/class/SC_CustomerList.php	(revision 18792)
@@ -317,7 +317,7 @@
         //カテゴリーを選択している場合のみ絞込検索を行う
         if (!isset($this->arrSql['category_id'])) $this->arrSql['category_id'] = "";
-        if ( strlen($this->arrSql['category_id']) != ""){
+        if ( strlen($this->arrSql['category_id']) > 0){
             //カテゴリーで絞込検索を行うSQL文生成
-            list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere(SC_Utils_Ex::sfManualEscape($this->arrSql['category_id']));
+            list($tmp_where, $tmp_arrval) = $objDb->sfGetCatWhere($this->arrSql['category_id']);
 
             //カテゴリーで絞込みが可能の場合
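Review bot: `category_id` is now passed to `sfGetCatWhere()` exactly as submitted, with no validation visible in the hunk. The method returns a where fragment together with a value array, which suggests it binds its input, but its body is outside the hunk. If category ids are always integers, a guard such as `ctype_digit((string) $this->arrSql['category_id'])` in the `if` condition would reject anything else before the query is built.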
Index: branches/version-2_5-dev/data/class/util/SC_Utils.php
===================================================================
--- branches/version-2_5-dev/data/class/util/SC_Utils.php	(revision 18789)
+++ branches/version-2_5-dev/data/class/util/SC_Utils.php	(revision 18792)
@@ -994,29 +994,4 @@
 
     /**
-     * 特殊制御文字の手動エスケープ
-     * @deprecated ブレースホルダを使用すること
-     */
-    function sfManualEscape($data) {
-        $objQuery =& SC_Query::getSingletonInstance();
-        // 配列でない場合
-        if(!is_array($data)) {
-            $ret = $objQuery->quote($data);
-            $ret = ereg_replace("%", "\\%", $ret);
-            $ret = ereg_replace("_", "\\_", $ret);
-            return $ret;
-        }
-
-        // 配列の場合
-        foreach($data as $val) {
-            $ret = $objQuery->quote($val);
-            $ret = ereg_replace("%", "\\%", $ret);
-            $ret = ereg_replace("_", "\\_", $ret);
-            $arrRet[] = $ret;
-        }
-
-        return $arrRet;
-    }
-
-    /**
      * ドメイン間で有効なセッションのスタート
      * 共有SSL対応のための修正により、この関数は廃止します。
