[Svn-src-all:880] [version-2_5-dev 19767] #838(PHPソース内でのパラメータ「USER_DIR」の利用不徹底)

Seasoft admin @ mail.ec-cube.net
2010年 12月 25日 (土) 19:02:43 JST 

Subversion committed to /home/svn/open 19767
http://svn.ec-cube.net/open_trac/changeset/19767
┌────────────────────────────┐
│更新者 :  Seasoft                                      │
│更新日時:  2010-12-25 19:02:43 +0900 (土, 25 12月 2010)│
└────────────────────────────┘

Log:
--------------------------------------------------------
#838(PHPソース内でのパラメータ「USER_DIR」の利用不徹底)
#494(プラグイン機能)
  * 怪しい処理にコメントを追加

Changed:                      [U:修正,A:追加,D:削除]
--------------------------------------------------------
U   branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl
U   branches/version-2_5-dev/data/class/SC_Plugin.php
U   branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php
U   branches/version-2_5-dev/html/install/index.php

変更: branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl	2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/design/header.tpl	2010-12-25 10:02:43 UTC (rev 19767)
@@ -33,7 +33,7 @@
   <!--{ if $header_prev == "on"}-->
   <dic id="design-header-preview">
     <!--{if $browser_type == 1 }-->
-      <div style="zoom:0.8"><!--{include file="`$smarty.const.HTML_PATH`user_data/include/preview/header.tpl"}--></div>
+      <div style="zoom:0.8"><!--{include file="`$smarty.const.USER_PATH`include/preview/header.tpl"}--></div>
     <!--{ else }-->
       <span class="attention"><strong>プレビューはIEでのみ表示されます。</strong></span>
     <!--{ /if }-->
@@ -64,7 +64,7 @@
   <!--{ if $footer_prev == "on"}-->
   <div id="design-footer-preview">
     <!--{if $browser_type == 1 }-->
-      <div style="zoom:0.8"><!--{include file="`$smarty.const.HTML_PATH`/user_data/include/preview/footer.tpl"}--></div>
+      <div style="zoom:0.8"><!--{include file="`$smarty.const.USER_PATH`/include/preview/footer.tpl"}--></div>
     <!--{ else }-->
       <span class="attention"><strong>プレビューはIEでのみ表示されます。</strong></span>
     <!--{ /if }-->

変更: branches/version-2_5-dev/data/class/SC_Plugin.php
===================================================================
--- branches/version-2_5-dev/data/class/SC_Plugin.php	2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/class/SC_Plugin.php	2010-12-25 10:02:43 UTC (rev 19767)
@@ -15,8 +15,8 @@
     }
 
     function __construct(){
-        if(!defined(PLUGIN_PATH)){
-            define("PLUGIN_PATH",HTML_PATH."/user_data/plugins/");
+        if (!defined(PLUGIN_PATH)) {
+            define('PLUGIN_PATH', USER_PATH . 'plugins/');
         }
         $this->init();
     }
@@ -56,13 +56,13 @@
 
     function disablePlugin(){
         $objQuery = new SC_Query();
-        $name = preg_replace("/.php/", "", __FILE__);
+        $name = preg_replace("/.php/", "", __FILE__); // XXX 正規表現エスケープ漏れでは?
         $objQuery->update("dtb_plugin", array('enable'=>'0'), "plugin_name = ?", array($name));
     }
 
     function enablePlugin(){
         $objQuery = new SC_Query();
-        $name = preg_replace("/.php/", "", __FILE__);
+        $name = preg_replace("/.php/", "", __FILE__); // XXX 正規表現エスケープ漏れでは?
         $objQuery->update("dtb_plugin", array('enable'=>'0'), "plugin_name = ?", array($name));
     }
 

変更: branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php	2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Detail.php	2010-12-25 10:02:43 UTC (rev 19767)
@@ -197,7 +197,7 @@
                         $objCartSess->saveCurrentCart($objSiteSess->getUniqId());
 
                         $this->objDisplay->redirect($this->getLocation(
-                            URL_DIR . 'user_data/gmopg_oneclick_confirm.php', array(), true));
+                            URL_DIR . USER_DIR . 'gmopg_oneclick_confirm.php', array(), true));
                         exit;
                     }
 

変更: branches/version-2_5-dev/html/install/index.php
===================================================================
--- branches/version-2_5-dev/html/install/index.php	2010-12-25 09:42:20 UTC (rev 19766)
+++ branches/version-2_5-dev/html/install/index.php	2010-12-25 10:02:43 UTC (rev 19767)
@@ -382,7 +382,7 @@
     // プログラムで書込みされるファイル・ディレクトリ
     $arrWriteFile = array(
         DATA_PATH . "install.php",
-        HTML_PATH . "user_data",
+        USER_PATH,
         HTML_PATH . "upload",
         DATA_PATH . "cache/",
         DATA_PATH . "class/",
@@ -504,7 +504,7 @@
     $objPage->tpl_mainpage = 'step0_1.tpl';
     $objPage->tpl_mode = 'step0_1';
     // ファイルコピー
-    $objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./user_data/", HTML_PATH . "user_data/", $objPage->copy_mess);
+    $objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./user_data/", USER_PATH, $objPage->copy_mess);
     $objPage->copy_mess = SC_Utils_Ex::sfCopyDir("./save_image/", HTML_PATH . "upload/save_image/", $objPage->copy_mess);
     return $objPage;
 }

Svn-src-all メーリングリストの案内