Changeset 23269
- Timestamp:
- 2013/11/18 11:02:17 (13 years ago)
- Location:
- branches/version-2_13_1/data/class
- Files:
-
- 2 edited
-
pages/admin/contents/LC_Page_Admin_Contents_FileManager.php (modified) (2 diffs)
-
util/SC_Utils.php (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
branches/version-2_13_1/data/class/pages/admin/contents/LC_Page_Admin_Contents_FileManager.php
r23154 r23269 127 127 $this->setDispError('select_file', $disp_error); 128 128 } else { 129 // ファイルダウンロード 130 $objFileManager->sfDownloadFile($objFormParam->getValue('select_file')); 131 SC_Response_Ex::actionExit(); 132 } 129 $path_exists = SC_Utils::checkFileExistsWithInBasePath($objFormParam->getValue('select_file'),USER_REALDIR); 130 if ($path_exists) { 131 // ファイルダウンロード 132 $objFileManager->sfDownloadFile($objFormParam->getValue('select_file')); 133 SC_Response_Ex::actionExit(); 134 } 135 } 133 136 } 134 137 break; … … 139 142 $objFormParam->setParam($this->createSetParam($_POST)); 140 143 $objFormParam->convParam(); 141 142 144 $this->arrErr = $objFormParam->checkError(); 143 if (SC_Utils_Ex::isBlank($this->arrErr)) { 145 $path_exists = SC_Utils::checkFileExistsWithInBasePath($objFormParam->getValue('select_file'),USER_REALDIR); 146 if (SC_Utils_Ex::isBlank($this->arrErr) && ($path_exists)) { 144 147 $objFileManager->deleteFile($objFormParam->getValue('select_file')); 145 148 } -
branches/version-2_13_1/data/class/util/SC_Utils.php
r23124 r23269 2092 2092 return array_reverse($arrTrail); 2093 2093 } 2094 2095 /** 2096 * Obtain the parts of path that are not the same and confirm if file exists 2097 * by reconstructing path with base path. 2098 * 2099 * @param string $file 2100 * @param string $base_path 2101 * @return bool true = exists / false does not exist 2102 */ 2103 public function checkFileExistsWithInBasePath($file,$base_path) 2104 { 2105 $arrPath = explode('/', str_replace('\\', '/',$file)); 2106 $arrBasePath = explode('/', str_replace('\\', '/',$base_path)); 2107 $path_diff = implode("/",array_diff_assoc($arrPath, $arrBasePath)); 2108 return file_exists(realpath(str_replace('..','',$base_path . $path_diff))) ? true : false; 2109 } 2094 2110 }
Note: See TracChangeset
for help on using the changeset viewer.
