[Svn-src-all:880] [version-2_5-dev 19767] #838(PHPソース内でのパラメータ「USER_DIR」の利用不徹底)
Seasoft
admin @ mail.ec-cube.net
2010年 12月 25日 (土) 19:02:43 JST
Subversion committed to /home/svn/open 19767
http://svn.ec-cube.net/open_trac/changeset/19767
┌────────────────────────────┐
│更新者 : Seasoft │
│更新日時: 2010-12-25 19:02:43 +0900 (土, 25 12月 2010)│
└────────────────────────────┘
Log:
--------------------------------------------------------
#838(PHPソース内でのパラメータ「USER_DIR」の利用不徹底)
#494(プラグイン機能)
* 怪しい処理にコメントを追加
Changed: [U:修正,A:追加,D:削除]
--------------------------------------------------------
U branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl
U branches/version-2_5-dev/data/class/SC_Plugin.php
U branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php
U branches/version-2_5-dev/html/install/index.php
変更: branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl 2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl 2010-12-25 10:02:43 UTC (rev 19767)
@@ -33,7 +33,7 @@
<!--{ if $header_prev == "on"}-->
<dic id="design-header-preview">
<!--{if $browser_type == 1 }-->
- <div style="zoom:0.8"><!--{include file="`$smarty.const.HTML_PATH`user_data/include/preview/header.tpl"}--></div>
+ <div style="zoom:0.8"><!--{include file="`$smarty.const.USER_PATH`include/preview/header.tpl"}--></div>
<!--{ else }-->
<span class="attention"><strong>プレビューはIEでのみ表示されます。</strong></span>
<!--{ /if }-->
@@ -64,7 +64,7 @@
<!--{ if $footer_prev == "on"}-->
<div id="design-footer-preview">
<!--{if $browser_type == 1 }-->
- <div style="zoom:0.8"><!--{include file="`$smarty.const.HTML_PATH`/user_data/include/preview/footer.tpl"}--></div>
+ <div style="zoom:0.8"><!--{include file="`$smarty.const.USER_PATH`/include/preview/footer.tpl"}--></div>
<!--{ else }-->
<span class="attention"><strong>プレビューはIEでのみ表示されます。</strong></span>
<!--{ /if }-->
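Review bot: The new footer include joins `USER_PATH` to `/include/preview/footer.tpl` with a leading slash, while the header include in the previous hunk joins it to `include/preview/header.tpl` without one. The SC_Plugin.php change in this same commit writes `USER_PATH . 'plugins/'`, which suggests the constant already ends in a slash, so the footer path would contain `//`. Drop the leading slash so both includes use the same form, `include/preview/footer.tpl` directly after the constant. Separately, the context line `<dic id="design-header-preview">` in the first hunk looks like a typo for `<div`, which would leave that preview block without a matching container.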
変更: branches/version-2_5-dev/data/class/SC_Plugin.php
===================================================================
--- branches/version-2_5-dev/data/class/SC_Plugin.php 2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/class/SC_Plugin.php 2010-12-25 10:02:43 UTC (rev 19767)
@@ -15,8 +15,8 @@
}
function __construct(){
- if(!defined(PLUGIN_PATH)){
- define("PLUGIN_PATH",HTML_PATH."/user_data/plugins/");
+ if (!defined(PLUGIN_PATH)) {
+ define('PLUGIN_PATH', USER_PATH . 'plugins/');
}
$this->init();
}
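Review bot: The reformatted guard still passes the bare constant to `defined()`, which expects the constant's name as a string. While PLUGIN_PATH is undefined, the bare word is only treated as the string 'PLUGIN_PATH' by legacy PHP (with a notice), and on PHP 8 it raises an Error. Once PLUGIN_PATH is defined, the call tests the path value instead of the name, so the guard never detects an existing definition and `define()` runs again. Change the line to `if (!defined('PLUGIN_PATH')) {`. The constructor is shown in full, but the enclosing class starts outside the hunk.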
@@ -56,13 +56,13 @@
function disablePlugin(){
$objQuery = new SC_Query();
- $name = preg_replace("/.php/", "", __FILE__);
+ $name = preg_replace("/.php/", "", __FILE__); // XXX 正規表現エスケープ漏れでは?
$objQuery->update("dtb_plugin", array('enable'=>'0'), "plugin_name = ?", array($name));
}
function enablePlugin(){
$objQuery = new SC_Query();
- $name = preg_replace("/.php/", "", __FILE__);
+ $name = preg_replace("/.php/", "", __FILE__); // XXX 正規表現エスケープ漏れでは?
$objQuery->update("dtb_plugin", array('enable'=>'0'), "plugin_name = ?", array($name));
}
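Review bot: `enablePlugin()` writes `array('enable'=>'0')`, the same value as `disablePlugin()`, so as shown neither method can turn a plugin on; presumably it should be `array('enable'=>'1')`. The new XXX comments flag the pattern but leave it unchanged. `"/.php/"` matches any character followed by `php` anywhere in the full `__FILE__` path, so `$name` can be mangled and the UPDATE may match no row, leaving a plugin enabled after a disable call with no error. Anchoring and escaping fixes that: `$name = preg_replace('/\.php$/', '', __FILE__);`. Also confirm that `plugin_name` really stores a full path, because `__FILE__` here is this class file rather than a plugin file.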
変更: branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php 2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php 2010-12-25 10:02:43 UTC (rev 19767)
@@ -197,7 +197,7 @@
$objCartSess->saveCurrentCart($objSiteSess->getUniqId());
$this->objDisplay->redirect($this->getLocation(
- URL_DIR . 'user_data/gmopg_oneclick_confirm.php', array(), true));
+ URL_DIR . USER_DIR . 'gmopg_oneclick_confirm.php', array(), true));
exit;
}
変更: branches/version-2_5-dev/html/install/index.php
===================================================================
--- branches/version-2_5-dev/html/install/index.php 2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/html/install/index.php 2010-12-25 10:02:43 UTC (rev 19767)
@@ -382,7 +382,7 @@
// プログラムで書込みされるファイル・ディレクトリ
$arrWriteFile = array(
DATA_PATH . "install.php",
- HTML_PATH . "user_data",
+ USER_PATH,
HTML_PATH . "upload",
DATA_PATH . "cache/",
DATA_PATH . "class/",
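Review bot: This entry, and the `sfCopyDir("./user_data/", USER_PATH, ...)` call in the next hunk, rely on USER_PATH being defined when the installer runs. The definition is not visible here, and on the PHP versions of this era an undefined constant silently becomes the string 'USER_PATH', so the check and the copy would target a relative directory of that name. A `defined('USER_PATH')` check before `$arrWriteFile` is built would make that failure explicit. Because SC_Plugin.php in this commit places `plugins/` under USER_PATH, the directory that must be writable by the web server now also holds loadable plugin code. A comment here telling operators to tighten its permissions after installation would be useful.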
@@ -504,7 +504,7 @@
$objPage->tpl_mainpage = 'step0_1.tpl';
$objPage->tpl_mode = 'step0_1';
// ファイルコピー
- $objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./user_data/", HTML_PATH . "user_data/", $objPage->copy_mess);
+ $objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./user_data/", USER_PATH, $objPage->copy_mess);
$objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./save_image/", HTML_PATH . "upload/save_image/", $objPage->copy_mess);
return $objPage;
}