[Svn-src-all:1436] [version-2_5-dev 20328] #812(トランザクションIDの自動生成/自動検証)
nanasess
admin @ mail.ec-cube.net
2011年 2月 22日 (火) 20:40:43 JST
Subversion committed to /home/svn/open 20328
http://svn.ec-cube.net/open_trac/changeset/20328
┌────────────────────────────┐
│更新者 : nanasess │
│更新日時: 2011-02-22 20:40:42 +0900 (火, 22 2月 2011)│
└────────────────────────────┘
Log:
--------------------------------------------------------
#812(トランザクションIDの自動生成/自動検証)
* トランザクションIDを自動生成/自動検証するように修正
* PC は JavaScript で hidden フィールドを自動生成
* モバイルは, すべての POST フォームに hidden タグを手動で埋め込み
* 小画面は, doValidToken() をオーバーライドして個別対応
Changed: [U:修正,A:追加,D:削除]
--------------------------------------------------------
U branches/version-2_5-dev/data/Smarty/templates/admin/admin_popup_header.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/contents/csv.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_complete.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/customer/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/customer/search_customer.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/login.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/login_frame.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/main_frame.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log_detail.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/settings.tpl
U branches/version-2_5-dev/data/Smarty/templates/admin/system/input.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/entry/confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/entry/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/forgot/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/forgot/secret.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/frontparts/bloc/login.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/mypage/change.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/mypage/login.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/mypage/refusal_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/popup_header.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/products/review.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/products/review_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/shopping/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/shopping/multiple.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/shopping/nonmember_input.tpl
U branches/version-2_5-dev/data/Smarty/templates/default/site_frame.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/cart/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/entry/email_mobile.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/change_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/delivery_addr.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/history.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/products/detail.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find1.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find2.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_item.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/deliv.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/multiple.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/payment.tpl
U branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/select_deliv.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/entry/confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/entry/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/secret.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/login.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/refusal_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/products/review.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/products/review_confirm.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/index.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/multiple.tpl
U branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/nonmember_input.tpl
U branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php
U branches/version-2_5-dev/data/class/pages/LC_Page.php
U branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin.php
U branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Index.php
U branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_CSV.php
U branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_Recommend.php
U branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer.php
U branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php
U branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php
U branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order_ProductSelect.php
U branches/version-2_5-dev/data/class/pages/admin/ownersstore/LC_Page_Admin_OwnersStore_Settings.php
U branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php
U branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry.php
U branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry_Complete.php
U branches/version-2_5-dev/data/class/pages/error/LC_Page_Error.php
U branches/version-2_5-dev/data/class/pages/error/LC_Page_Error_DispError.php
U branches/version-2_5-dev/data/class/pages/forgot/LC_Page_Forgot.php
U branches/version-2_5-dev/data/class/pages/frontparts/LC_Page_FrontParts_LoginCheck.php
U branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Refusal.php
U branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Review.php
U branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping.php
U branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping_Multiple.php
変更: branches/version-2_5-dev/data/Smarty/templates/admin/admin_popup_header.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/admin_popup_header.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/admin_popup_header.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -38,6 +38,11 @@
<script type="text/javascript">//<![CDATA[
<!--{$tpl_javascript}-->
$(function(){
+ var tx = $('<input type="hidden" />')
+ .attr('name', '<!--{$smarty.const.TRANSACTION_ID_NAME}-->')
+ .val('<!--{$transactionid}-->');
+ tx.appendTo('form');
+
<!--{$tpl_onload}-->
});
//]]>
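Review bot: `tx.appendTo('form')` adds the transaction ID to every form rendered inside this frame, not only same-site POST forms, so a form that submits with GET or to another host would carry the token into a URL, where it can reach access logs, browser history and Referer headers. Restricting the target, e.g. `tx.appendTo($('form').filter(function(){ return ($(this).attr('method') || '').toLowerCase() === 'post'; }));`, keeps it out of query strings; forms created after DOM ready still receive no token. The token is also written into a JavaScript string literal with no escaping, and whether its alphabet makes that safe depends on the generator in SC_Helper_Session.php, which is not in this hunk, so `.val('<!--{$transactionid|escape:"javascript"}-->')` would be the safer form. The same snippet is added in admin/login_frame.tpl, admin/main_frame.tpl, default/popup_header.tpl and default/site_frame.tpl. The enclosing script block starts and ends outside the hunk.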
変更: branches/version-2_5-dev/data/Smarty/templates/admin/contents/csv.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/contents/csv.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/contents/csv.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -55,7 +55,6 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="confirm" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="tpl_subno_csv" value="<!--{$tpl_subno_csv|h}-->" />
<div id="admin-contents" class="contents-main">
<!--{if $tpl_is_update}-->
変更: branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -43,7 +43,7 @@
<form name="search_form" method="post" action="">
<input type="hidden" name="mode" value="search" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<!--{foreach from=$arrSearchData key="key" item="item"}-->
<!--{if $key ne "customer_id" && $key ne "mode" && $key ne "edit_customer_id" && $key ne $smarty.const.TRANSACTION_ID_NAME}-->
<!--{if is_array($item)}-->
@@ -60,7 +60,6 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="confirm" />
<input type="hidden" name="customer_id" value="<!--{$arrForm.customer_id|h}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<!-- 検索条件の保持 -->
<!--{foreach from=$arrSearchData key="key" item="item"}-->
変更: branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_complete.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_complete.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_complete.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -35,7 +35,7 @@
<form name="search_form" method="post" action="">
<input type="hidden" name="mode" value="search" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<!--{foreach from=$arrSearchData key="key" item="item"}-->
<!--{if $key ne "customer_id" && $key ne "mode" && $key ne "edit_customer_id" && $key ne $smarty.const.TRANSACTION_ID_NAME}-->
<!--{if is_array($item)}-->
@@ -51,7 +51,7 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="complete_return" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<!-- 検索条件の保持 -->
<!--{foreach from=$arrSearchData key="key" item="item"}-->
<!--{if $key ne "customer_id" && $key ne "mode" && $key ne "edit_customer_id" && $key ne $smarty.const.TRANSACTION_ID_NAME}-->
変更: branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/customer/edit_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -35,7 +35,7 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="complete" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<!--{foreach from=$arrForm key=key item=item}-->
<!--{if $key ne "mode" && $key ne "subm" && $key ne $smarty.const.TRANSACTION_ID_NAME}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->" />
変更: branches/version-2_5-dev/data/Smarty/templates/admin/customer/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/customer/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/customer/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -74,7 +74,7 @@
<div id="customer" class="contents-main">
<form name="search_form" id="search_form" method="post" action="?">
<input type="hidden" name="mode" value="search" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<h2>検索条件設定</h2>
<!--検索条件設定テーブルここから-->
@@ -102,7 +102,6 @@
<!--★★検索結果一覧★★-->
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="search" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="edit_customer_id" value="" />
<input type="hidden" name="search_pageno" value="<!--{$smarty.post.search_pageno|h}-->" />
<!--{foreach from=$smarty.post key="key" item="item"}-->
変更: branches/version-2_5-dev/data/Smarty/templates/admin/customer/search_customer.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/customer/search_customer.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/customer/search_customer.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -42,7 +42,6 @@
<input name="mode" type="hidden" value="search">
<input name="search_pageno" type="hidden" value="">
<input name="customer_id" type="hidden" value="">
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table class="form">
<colgroup width="20%">
変更: branches/version-2_5-dev/data/Smarty/templates/admin/login.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/login.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/login.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -31,7 +31,6 @@
<div id="input-form">
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="login" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<p><label for="login_id">ID</label></p>
<input type="text" name="login_id" size="20" class="box25" />
<p><label for="password">PASSWORD</label></p>
変更: branches/version-2_5-dev/data/Smarty/templates/admin/login_frame.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/login_frame.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/login_frame.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -31,6 +31,19 @@
<script type="text/javascript" src="<!--{$smarty.const.ROOT_URLPATH}-->js/navi.js"></script>
<script type="text/javascript" src="<!--{$smarty.const.ROOT_URLPATH}-->js/jquery-1.4.2.min.js"></script>
<title>管理機能</title>
+<script type="text/javascript">//<![CDATA[
+ <!--{$tpl_javascript}-->
+ $(function(){
+ var tx = $('<input type="hidden" />')
+ .attr('name', '<!--{$smarty.const.TRANSACTION_ID_NAME}-->')
+ .val('<!--{$transactionid}-->');
+ tx.appendTo('form');
+
+ <!--{$tpl_onload}-->
+ });
+//]]>
+</script>
+
</head>
<body>
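Review bot: The block added here is a further hand-copied instance of the token-injection snippet rather than a shared include, and the copies already differ slightly (default/popup_header.tpl puts the blank line before `tx.appendTo('form')` instead of after it). Moving the three statements into one included template, headed by a comment such as `// append the transaction ID to the page's forms; see doValidToken()`, would keep later fixes in a single place. Because admin/login.tpl loses its static hidden field in this commit, the admin login POST presumably fails token validation whenever this script or jQuery does not run, so a `<noscript>` hint on the login page may be worth adding.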
変更: branches/version-2_5-dev/data/Smarty/templates/admin/main_frame.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/main_frame.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/main_frame.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -46,6 +46,11 @@
<script type="text/javascript">//<![CDATA[
<!--{$tpl_javascript}-->
$(function(){
+ var tx = $('<input type="hidden" />')
+ .attr('name', '<!--{$smarty.const.TRANSACTION_ID_NAME}-->')
+ .val('<!--{$transactionid}-->');
+ tx.appendTo('form');
+
<!--{$tpl_onload}-->
});
//]]>
変更: branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -23,7 +23,7 @@
*}-->
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="register" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<div id="ownersstore" class="contents-main">
<table class="list center">
変更: branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log_detail.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log_detail.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/log_detail.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -23,7 +23,7 @@
*}-->
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="register" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<div id="ownersstore" class="contents-main">
<table class="form">
変更: branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/settings.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/settings.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/ownersstore/settings.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -23,7 +23,7 @@
*}-->
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="register" />
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<div id="ownersstore" class="contents-main">
<!--入力項目ここから-->
変更: branches/version-2_5-dev/data/Smarty/templates/admin/system/input.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/admin/system/input.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/admin/system/input.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -34,7 +34,7 @@
<input type="hidden" name="member_id" value="<!--{$tpl_member_id|h}-->">
<input type="hidden" name="pageno" value="<!--{$tpl_pageno|h}-->">
<input type="hidden" name="old_login_id" value="<!--{$tpl_old_login_id|h}-->">
-<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid|h}-->">
+
<h2>メンバー登録/編集</h2>
<table>
変更: branches/version-2_5-dev/data/Smarty/templates/default/entry/confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/entry/confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/entry/confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -30,7 +30,6 @@
<!--{foreach from=$arrForm key=key item=item}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->" />
<!--{/foreach}-->
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="入力内容確認">
<tr>
変更: branches/version-2_5-dev/data/Smarty/templates/default/entry/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/entry/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/entry/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,7 +28,6 @@
入力されたメールアドレスに、ご連絡が届きますので、本会員になった上でお買い物をお楽しみください。</p>
<!--{/if}-->
<form name="form1" id="form1" method="post" action="?">
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="confirm" />
<table summary="会員登録フォーム">
変更: branches/version-2_5-dev/data/Smarty/templates/default/forgot/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/forgot/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/forgot/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,7 +27,7 @@
<span class="attention">※新しくパスワードを発行いたしますので、お忘れになったパスワードはご利用できなくなります。</span></p>
<form action="?" method="post" name="form1">
<input type="hidden" name="mode" value="mail_check" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<div id="forgot">
<div class="contents">
<div class="mailaddres">
変更: branches/version-2_5-dev/data/Smarty/templates/default/forgot/secret.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/forgot/secret.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/forgot/secret.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -32,7 +32,7 @@
</p>
<form action="?" method="post" name="form1">
<input type="hidden" name="mode" value="secret_check" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<!--{foreach key=key item=item from=$arrForm}-->
<!--{if $key ne 'reminder_answer'}-->
<input type="hidden" name="<!--{$key}-->" value="<!--{$item|h}-->" />
変更: branches/version-2_5-dev/data/Smarty/templates/default/frontparts/bloc/login.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/frontparts/bloc/login.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/frontparts/bloc/login.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -24,7 +24,6 @@
<h2><img src="<!--{$TPL_URLPATH}-->img/title/tit_bloc_login.gif"alt="ログイン" /></h2>
<form name="login_form" id="login_form" method="post" action="<!--{$smarty.const.HTTPS_URL}-->frontparts/login_check.php" onsubmit="return fnCheckLogin('login_form')">
<input type="hidden" name="mode" value="login" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="url" value="<!--{$smarty.server.PHP_SELF|h}-->" />
<div class="bloc_body">
<!--{if $tpl_login}-->
変更: branches/version-2_5-dev/data/Smarty/templates/default/mypage/change.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/mypage/change.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/mypage/change.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -33,7 +33,6 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="confirm" />
<input type="hidden" name="customer_id" value="<!--{$arrForm.customer_id|h}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="会員登録内容変更 " class="delivname">
<!--{include file="`$smarty.const.TEMPLATE_REALDIR`frontparts/form_personal_input.tpl" flgFields=3 emailMobile=true prefix=""}-->
</table>
変更: branches/version-2_5-dev/data/Smarty/templates/default/mypage/login.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/mypage/login.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/mypage/login.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,7 +27,6 @@
<div id="under02column_login">
<form name="login_mypage" id="login_mypage" method="post" action="<!--{$smarty.const.HTTPS_URL}-->frontparts/login_check.php" onsubmit="return fnCheckLogin('login_mypage')">
<input type="hidden" name="mode" value="login" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="url" value="<!--{$smarty.server.PHP_SELF|h}-->" />
<div class="login_area">
変更: branches/version-2_5-dev/data/Smarty/templates/default/mypage/refusal_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/mypage/refusal_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/mypage/refusal_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,7 +27,6 @@
<!--{include file=$tpl_navi}-->
<form name="form1" method="post" action="?">
<input type="hidden" name="mode" value="complete" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div id="mycontents_area">
<h3><!--{$tpl_subtitle|h}--></h3>
変更: branches/version-2_5-dev/data/Smarty/templates/default/popup_header.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/popup_header.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/popup_header.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -35,6 +35,11 @@
<script type="text/javascript">//<![CDATA[
<!--{$tpl_javascript}-->
$(function(){
+ var tx = $('<input type="hidden" />')
+ .attr('name', '<!--{$smarty.const.TRANSACTION_ID_NAME}-->')
+ .val('<!--{$transactionid}-->');
+
+ tx.appendTo('form');
<!--{$tpl_onload}-->
});
//]]>
変更: branches/version-2_5-dev/data/Smarty/templates/default/products/review.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/products/review.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/products/review.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -31,7 +31,6 @@
<form name="form1" method="post" action="?">
<input type="hidden" name="mode" value="confirm" />
<input type="hidden" name="product_id" value="<!--{$arrForm.product_id}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="お客様の声書き込み">
<tr>
<th>商品名</th>
変更: branches/version-2_5-dev/data/Smarty/templates/default/products/review_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/products/review_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/products/review_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -29,7 +29,6 @@
<!--{if $key ne "mode"}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->" /><!--{/if}-->
<!--{/foreach}-->
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="お客様の声書き込み">
<tr>
変更: branches/version-2_5-dev/data/Smarty/templates/default/shopping/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/shopping/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/shopping/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -25,7 +25,6 @@
<h2 class="title"><!--{$tpl_title|h}--></h2>
<form name="member_form" id="member_form" method="post" action="?" onsubmit="return fnCheckLogin('member_form')">
<input type="hidden" name="mode" value="login" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div class="login_area">
<h3>会員登録がお済みのお客様</h3>
@@ -91,7 +90,6 @@
<p class="inputtext">会員登録をせずに購入手続きをされたい方は、下記よりお進みください。</p>
<form name="member_form2" id="member_form2" method="post" action="?">
<input type="hidden" name="mode" value="nonmember" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div class="inputbox">
<div class="btn_area">
<ul>
変更: branches/version-2_5-dev/data/Smarty/templates/default/shopping/multiple.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/shopping/multiple.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/shopping/multiple.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -48,7 +48,6 @@
</p>
<!--{/if}-->
<form name="form1" id="form1" method="post" action="?">
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->" />
<input type="hidden" name="mode" value="confirm" />
<table summary="商品情報">
変更: branches/version-2_5-dev/data/Smarty/templates/default/shopping/nonmember_input.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/shopping/nonmember_input.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/shopping/nonmember_input.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -45,7 +45,6 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="nonmember_confirm" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary=" ">
<tr>
<th>お名前<span class="attention">※</span></th>
変更: branches/version-2_5-dev/data/Smarty/templates/default/site_frame.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/default/site_frame.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/default/site_frame.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -51,6 +51,11 @@
<script type="text/javascript">//<![CDATA[
<!--{$tpl_javascript}-->
$(function(){
+ var tx = $('<input type="hidden" />')
+ .attr('name', '<!--{$smarty.const.TRANSACTION_ID_NAME}-->')
+ .val('<!--{$transactionid}-->');
+ tx.appendTo('form');
+
<!--{$tpl_onload}-->
});
//]]>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/cart/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/cart/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/cart/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -38,6 +38,7 @@
<!--{if count($cartItems) > 0}-->
<!--{foreach from=$cartKeys item=key}-->
<form name="form<!--{$key}-->" id="form<!--{$key}-->" method="post" action="?" utn>
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="confirm">
<input type="hidden" name="cart_no" value="">
<input type="hidden" name="cartKey" value="<!--{$key}-->">
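Review bot: The new hidden field prints `$transactionid` into an HTML attribute without the `|h` modifier, whereas the line removed from admin/system/input.tpl in this same commit used `<!--{$transactionid|h}-->`. If the token can only contain hex or alphanumeric characters this is harmless, but the generator is not visible in this diff, so `value="<!--{$transactionid|h}-->"` is the consistent and defensive form. The same applies to the lines added in mobile/entry/email_mobile.tpl, mobile/magazine/confirm.tpl and mobile/mypage/change_confirm.tpl. The form continues outside the hunk.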
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/entry/email_mobile.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/entry/email_mobile.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/entry/email_mobile.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -26,6 +26,7 @@
<br>
<!--{assign var=key value='email_mobile'}-->
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
▼メールアドレス<br>
<font color="#ff0000"><!--{$arrErr[$key]|default:''}--></font>
<input type="text" name="email_mobile" value="<!--{$arrForm[$key].value|h}-->" size="40" maxlength="<!--{$arrForm[$key].length}-->" istyle="3"><br>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,6 +28,7 @@
<br>
<form action="confirm.php" method="post">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="<!--{$arrForm.type}-->">
<input type="hidden" name="email" value="<!--{$arrForm.mail|h}-->">
■メールアドレス<br>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/magazine/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,6 +27,7 @@
※<!--{if $arrSiteInfo.shop_name != ""}--><!--{$arrSiteInfo.shop_name|h}-->では<!--{/if}-->ご利用規約に従い利用者のアドレスを保護しています。<br>
<br>
<form action="confirm.php" method="post">
+
■登録<br>
<font color="#FF0000"><!--{$arrErr.regist}--></font>
<input type="text" name="regist" value="<!--{$arrForm.regist|h}-->" istyle="3"><br>
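Review bot: The only line this hunk adds under `<form action="confirm.php" method="post">` is blank, so this form still posts without the transaction token, unlike the other mobile templates in this diff. With `doValidToken()` now called from `LC_Page::init()` on every POST, the submission to confirm.php would presumably be rejected with the page error. The added line should be `<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />`. The form continues past the end of the hunk, and any further POST form in this template needs the same field.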
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/change_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/change_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/change_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -22,6 +22,7 @@
*/
*}-->
<form name="form1" id="form1" method="post" action="?">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="complete">
<!--{foreach from=$arrForm key=key item=item}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->">
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/delivery_addr.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/delivery_addr.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/delivery_addr.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -22,6 +22,7 @@
*/
*}-->
<form name="form1" method="post" action="?">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="edit">
<input type="hidden" name="ParentPage" value="<!--{$ParentPage}-->">
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/history.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/history.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/mypage/history.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -32,6 +32,7 @@
<!--{/if}-->
<form action="order.php" method="post">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="order_id" value="<!--{$tpl_arrOrderData.order_id}-->">
<input type="submit" name="submit" value="再注文">
</form>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/products/detail.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/products/detail.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/products/detail.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -123,6 +123,8 @@
<form name="form1" method="post" action="<!--{$smarty.server.REQUEST_URI|h}-->">
<input type="hidden" name="mode" value="select">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
+
<input type="hidden" name="product_id" value="<!--{$tpl_product_id}-->">
<!--{if $tpl_stock_find}-->
<!--★商品を選ぶ★-->
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find1.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find1.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find1.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,6 +28,7 @@
<font color="#FF0000">※<!--{$tpl_class_name1}-->を入力して下さい。</font><br>
<!--{/if}-->
<form method="post" action="<!--{$smarty.server.REQUEST_URI|h}-->">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<select name="classcategory_id1">
<option value="">選択してください</option>
<!--{html_options options=$arrClassCat1 selected=$arrForm.classcategory_id1.value}-->
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find2.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find2.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_find2.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,6 +28,7 @@
<font color="#FF0000">※<!--{$tpl_class_name2}-->を入力して下さい。</font><br>
<!--{/if}-->
<form method="post" action="<!--{$smarty.server.REQUEST_URI|h}-->">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<select name="classcategory_id2">
<option value="">選択してください</option>
<!--{html_options options=$arrClassCat2 selected=$arrForm.classcategory_id2.value}-->
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_item.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_item.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/products/select_item.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,6 +28,7 @@
<font color="#FF0000">※数量を入力して下さい。</font><br>
<!--{/if}-->
<form method="post" action="<!--{$smarty.server.REQUEST_URI|h}-->">
+ <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="text" name="quantity" size="3" value="<!--{$arrForm.quantity.value|default:1}-->" maxlength=<!--{$smarty.const.INT_LEN}--> istyle="4"><br>
<input type="hidden" name="mode" value="cart">
<input type="hidden" name="classcategory_id1" value="<!--{$arrForm.classcategory_id1.value}-->">
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -22,6 +22,7 @@
*/
*}-->
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="confirm">
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
@@ -115,6 +116,7 @@
<center><input type="submit" value="注文"></center>
</form>
<form action="<!--{$smarty.const.MOBILE_SHOPPING_PAYMENT_URLPATH}-->" method="post">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="">
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
<center><input type="submit" value="戻る"></center>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/deliv.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/deliv.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/deliv.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,6 +28,7 @@
<!--▼CONTENTS-->
<!--{section name=cnt loop=$arrAddr}-->
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
<input type="hidden" name="deli" value="<!--{$smarty.section.cnt.iteration}-->">
<input type="hidden" name="mode" value="customer_addr">
@@ -53,6 +54,7 @@
■新しいお届け先を追加する<br>
<form method="post" action="<!--{$smarty.const.ROOT_URLPATH}-->mypage/delivery_addr.php">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="ParentPage" value="<!--{$smarty.const.DELIV_URLPATH}-->">
<center><input type="submit" value="新規登録"></center>
</form>
@@ -61,6 +63,7 @@
■お届け先を複数指定する<br>
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
<input type="hidden" name="mode" value="multiple">
<center><input type="submit" value="複数お届け先"></center>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -26,6 +26,7 @@
■初めてご注文の方<br>
(新規ご登録)<br>
<form name="member_form" id="member_form" method="post" action="<!--{$smarty.const.MOBILE_URLPATH}-->entry/kiyaku.php">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div align="center"><input type="submit" value="新規登録"></div><br>
</form>
<!--▲まだ会員登録されていないお客様-->
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/multiple.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/multiple.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/multiple.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -51,6 +51,7 @@
<!--{if $tpl_addrmax < $smarty.const.DELIV_ADDR_MAX}-->
<form method="post" action="<!--{$smarty.const.ROOT_URLPATH}-->mypage/delivery_addr.php">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="ParentPage" value="<!--{$smarty.const.MULTIPLE_URLPATH}-->">
一覧にご希望の住所が無い場合は、お届け先を新規登録してください。<br>
<center><input type="submit" value="新規登録"></center>
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/payment.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/payment.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/payment.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -22,6 +22,7 @@
*/
*}-->
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="confirm">
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
<!--{assign var=key value="deliv_id"}-->
変更: branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/select_deliv.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/select_deliv.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/mobile/shopping/select_deliv.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -22,6 +22,7 @@
*/
*}-->
<form method="post" action="?">
+<input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="select_deliv">
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->">
■配送方法 <font color="#FF0000">*</font><br>
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/entry/confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/entry/confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/entry/confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -30,7 +30,6 @@
<!--{foreach from=$arrForm key=key item=item}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->" />
<!--{/foreach}-->
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="入力内容確認">
<tr>
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/entry/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/entry/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/entry/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,7 +28,6 @@
入力されたメールアドレスに、ご連絡が届きますので、本会員になった上でお買い物をお楽しみください。</p>
<!--{/if}-->
<form name="form1" id="form1" method="post" action="?">
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="mode" value="confirm" />
<table summary="会員登録フォーム">
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,7 +27,6 @@
<span class="attention">※新しくパスワードを発行いたしますので、お忘れになったパスワードはご利用できなくなります。</span></p>
<form action="?" method="post" name="form1">
<input type="hidden" name="mode" value="mail_check" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div id="completebox">
<p>メールアドレス: <!--★メールアドレス入力★--><input type="text" name="email" value="<!--{$tpl_login_email|h}-->" size="40" class="box300" style="<!--{$errmsg|sfGetErrorColor}-->; ime-mode: disabled;" /><br />
<br />
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/secret.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/secret.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/forgot/secret.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,7 +28,6 @@
<p><span class="attention">※新しくパスワードを発行いたしますので、お忘れになったパスワードはご利用できなくなります。</span></p>
<form action="?" method="post" name="form1">
<input type="hidden" name="mode" value="secret_check" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<!--{foreach key=key item=item from=$arrForm}-->
<!--{if $key ne 'reminder_answer'}-->
<input type="hidden" name="<!--{$key}-->" value="<!--{$item|h}-->" />
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/login.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/login.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/login.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,8 +27,7 @@
<h2 class="title"><!--{$tpl_title|h}--></h2>
<form name="login_mypage" id="login_mypage" method="post" action="<!--{$smarty.const.HTTPS_URL}-->frontparts/login_check.php" onsubmit="return fnCheckLogin('login_mypage')">
<input type="hidden" name="mode" value="login" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
- <input type="hidden" name="url" value="<!--{$smarty.server.PHP_SELF|h}-->" />
+ <input type="hidden" name="url" value="<!--{$smarty.server.PHP_SELF|h}-->" />
<div class="loginarea">
<h3>会員登録がお済みのお客様</h3>
<p class="inputtext">会員の方は、登録時に入力されたメールアドレスとパスワードでログインしてください。</p>
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/refusal_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/refusal_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/mypage/refusal_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -27,7 +27,6 @@
<!--{include file=$tpl_navi}-->
<form name="form1" method="post" action="?">
<input type="hidden" name="mode" value="complete" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div id="mycontentsarea">
<h3><!--{$tpl_subtitle|h}--></h3>
<div id="completetext">
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/products/review.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/products/review.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/products/review.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -31,7 +31,6 @@
<form name="form1" method="post" action="?">
<input type="hidden" name="mode" value="confirm" />
<input type="hidden" name="product_id" value="<!--{$arrForm.product_id}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="お客様の声書き込み">
<tr>
<th>商品名</th>
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/products/review_confirm.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/products/review_confirm.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/products/review_confirm.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -29,7 +29,6 @@
<!--{if $key ne "mode"}-->
<input type="hidden" name="<!--{$key|h}-->" value="<!--{$item|h}-->" /><!--{/if}-->
<!--{/foreach}-->
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="お客様の声書き込み">
<tr>
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/index.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/index.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/index.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -25,7 +25,6 @@
<h2 class="title"><!--{$tpl_title|h}--></h2>
<form name="member_form" id="member_form" method="post" action="?" onsubmit="return fnCheckLogin('member_form')">
<div class="loginarea">
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<h3>会員登録がお済みのお客様</h3>
<p class="inputtext">会員の方は、登録時に入力されたメールアドレスとパスワードでログインしてください。</p>
<input type="hidden" name="mode" value="login" />
@@ -59,7 +58,6 @@
</form>
<form name="member_form2" id="member_form2" method="post" action="?">
<input type="hidden" name="mode" value="nonmember" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<div class="loginarea">
<h3>まだ会員登録されていないお客様</h3>
<p class="inputtext">会員登録をすると便利なMyページをご利用いただけます。<br />
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/multiple.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/multiple.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/multiple.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -45,7 +45,6 @@
</p>
<!--{/if}-->
<form name="form1" id="form1" method="post" action="?">
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->" />
<input type="hidden" name="mode" value="confirm" />
<!--{foreach from=$items item=item name=cartItem}-->
変更: branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/nonmember_input.tpl
===================================================================
--- branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/nonmember_input.tpl 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/Smarty/templates/sphone/shopping/nonmember_input.tpl 2011-02-22 11:40:42 UTC (rev 20328)
@@ -28,7 +28,6 @@
<form name="form1" id="form1" method="post" action="?">
<input type="hidden" name="mode" value="nonmember_confirm" />
<input type="hidden" name="uniqid" value="<!--{$tpl_uniqid}-->" />
- <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->" />
<table summary="お客様情報入力">
<tr>
<th>お名前<span class="attention">※</span></th>
変更: branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php
===================================================================
--- branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/helper/SC_Helper_Session.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -197,7 +197,6 @@
$ret = true;
}
-
if ($is_unset) {
unset($_SESSION[TRANSACTION_ID_NAME]);
}
変更: branches/version-2_5-dev/data/class/pages/LC_Page.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/LC_Page.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/LC_Page.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -99,6 +99,10 @@
// プラグインクラス生成
$this->objPlugin = new SC_Helper_Plugin_Ex();
$this->objPlugin->preProcess($this);
+
+ // トランザクショントークンの検証と生成
+ $this->doValidToken();
+ $this->setTokenTo();
}
/**
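Review bot: The token check is placed after `$this->objPlugin->preProcess($this);`, so plugin pre-processing runs on a POST before the request has been validated. What the plugins do there is not visible in this hunk, but if any of them reads `$_POST` or changes state, a forged request reaches that code first. Consider moving `$this->doValidToken();` above the plugin block and leaving `$this->setTokenTo();` where it is. `init()` begins outside the hunk.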
@@ -109,13 +113,6 @@
function process() {}
/**
- * Page のプロセス.(モバイル)
- *
- * @return void
- */
- function mobileProcess() {}
-
- /**
* Page のレスポンス送信.
*
* @return void
@@ -331,6 +328,44 @@
}
/**
+ * POST アクセスの妥当性を検証する.
+ *
+ * 前画面で生成されたトランザクショントークンの妥当性を検証し,
+ * 不正な場合はエラー画面へ遷移する.
+ *
+ * この関数は, 基本的に init() 関数で呼び出され, POST アクセスの場合は自動的に
+ * トランザクショントークンを検証する.
+ * ページによって検証タイミングなどを制御する必要がある場合は, この関数を
+ * オーバーライドし, 個別に設定を行うこと.
+ *
+ * @access protected
+ * @param boolean $is_admin 管理画面でエラー表示をする場合 true
+ * @return void
+ */
+ function doValidToken($is_admin = false) {
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if (!SC_Helper_Session_Ex::isValidToken()) {
+ if ($is_admin) {
+ SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
+ } else {
+ SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
+ }
+ exit;
+ }
+ }
+ }
+
+ /**
+ * トランザクショントークンを取得し, 設定する.
+ *
+ * @access protected
+ * @return void
+ */
+ function setTokenTo() {
+ $this->transactionid = SC_Helper_Session_Ex::getToken();
+ }
+
+ /**
* デバック出力を行う.
*
* デバック用途のみに使用すること.
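Review bot: `doValidToken()` validates only when `REQUEST_METHOD` is POST, while several checks this commit deletes in favour of it ran regardless of method: `LC_Page_Entry_Complete::action()`, `LC_Page_Admin_OwnersStore_Settings::execRegisterMode()` and `LC_Page_Admin_System_Input::execNewMode()` all called `isValidToken()` unconditionally. If those code paths can be reached with a GET request (how `getMode()` reads the mode is not visible here), they are no longer covered; such pages should reject non-POST requests for state-changing modes or keep an explicit check. The docblock should also tell overriding pages what they must preserve, for example `* Overrides must keep the $is_admin parameter and must stop the request when validation fails.`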
変更: branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -66,6 +66,10 @@
// プラグインクラス生成
// $this->objPlagin = new SC_Helper_Plugin_Ex();
// $this->objPlagin->preProcess($this);
+
+ // トランザクショントークンの検証と生成
+ $this->doValidToken(true);
+ $this->setTokenTo();
}
/**
変更: branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Index.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Index.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/LC_Page_Admin_Index.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -72,12 +72,6 @@
* @return void
*/
function action() {
- // 不正アクセスチェック
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispError(LOGIN_ERROR);
- }
- }
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
@@ -97,8 +91,7 @@
default:
break;
}
- // トランザクションID
- $this->transactionid = SC_Helper_Session_Ex::getToken();
+
// 管理者ログインテンプレートフレームの設定
$this->setTemplate(LOGIN_FRAME);
}
変更: branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_CSV.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_CSV.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_CSV.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -75,15 +75,6 @@
// 認証可否の判定
SC_Utils_Ex::sfIsSuccess(new SC_Session());
- // 不正アクセスチェック
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
- }
- }
- // トランザクションID
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
// パラメータ設定
変更: branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_Recommend.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_Recommend.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/contents/LC_Page_Admin_Contents_Recommend.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -129,6 +129,19 @@
parent::destroy();
}
+ /**
+ * トランザクショントークンを unset しないようオーバーライド.
+ *
+ * @return void
+ */
+ function doValidToken() {
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if (!SC_Helper_Session_Ex::isValidToken(false)) {
+ // SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
+ }
+ }
+ }
+
/**
* パラメータの初期化を行う
* @param Object $objFormParam
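Review bot: In this override the only reaction to a failed `isValidToken(false)` is commented out (`// SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);`), so a POST with a missing or wrong token is processed like a valid one and this admin page has no request-forgery check at all. Restore the rejection and stop the request with `SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR); exit;`, as the base `LC_Page::doValidToken()` does. If the check is switched off deliberately as a stop-gap, the empty branch needs a comment saying why and what has to happen before it is re-enabled.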
変更: branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -92,16 +92,6 @@
// 認証可否の判定
SC_Utils_Ex::sfIsSuccess(new SC_Session());
- // 不正アクセスチェック
- // FIXME: nanasessさんが作り変えて共通化しているようなので暫定で isValidToken(false)
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken(false)) {
- SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
- }
- }
- // トランザクションID
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
// パラメータ設定
@@ -154,6 +144,19 @@
}
/**
+ * トランザクショントークンを unset しないようオーバーライド.
+ *
+ * @return void
+ */
+ function doValidToken() {
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if (!SC_Helper_Session_Ex::isValidToken(false)) {
+ SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
+ }
+ }
+ }
+
+ /**
* パラメーター情報の初期化
*
* @param array $objFormParam フォームパラメータークラス
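Review bot: This override calls `SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);` without the `exit;` that the base `LC_Page::doValidToken()` places after it; unless `sfDispError()` terminates the script itself (not visible here), `action()` goes on to handle the forged POST after the error page is rendered. Add `exit;` directly after the call. The override also drops the `$is_admin` parameter although `LC_Page_Admin::init()` calls `$this->doValidToken(true)`; declaring it as `function doValidToken($is_admin = true)` keeps the signature compatible with the parent. Both points apply equally to the identical override added in `LC_Page_Admin_Order_ProductSelect.php`, and the signature point to the one in `LC_Page_Admin_Contents_Recommend.php`.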
変更: branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_Edit.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -88,16 +88,6 @@
// 認証可否の判定
SC_Utils_Ex::sfIsSuccess(new SC_Session());
- // 不正アクセスチェック
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
- exit;
- }
- }
- // トランザクションID
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
// 検索引き継ぎ用パラメーター管理クラス
変更: branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/customer/LC_Page_Admin_Customer_SearchCustomer.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -67,15 +67,6 @@
// 認証可否の判定
SC_Utils_Ex::sfIsSuccess(new SC_Session());
- // 不正アクセスチェック
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
- }
- }
- // トランザクションID
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
// パラメータ設定
変更: branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order_ProductSelect.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order_ProductSelect.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/order/LC_Page_Admin_Order_ProductSelect.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -112,7 +112,7 @@
$this->tpl_javascript .= $this->getTplJavascript($objProduct);
$js_fnOnLoad = $this->getFnOnload($this->arrProducts);
$this->tpl_javascript .= 'function fnOnLoad(){' . $js_fnOnLoad . '}';
- $this->tpl_onload .= 'fnOnLoad(); ';
+ $this->tpl_onload .= 'fnOnLoad();';
// 規格1クラス名
$this->tpl_class_name1 = $objProduct->className1;
// 規格2クラス名
@@ -136,6 +136,19 @@
}
/**
+ * トランザクショントークンを unset しないようオーバーライド.
+ *
+ * @return void
+ */
+ function doValidToken() {
+ if ($_SERVER["REQUEST_METHOD"] == "POST") {
+ if (!SC_Helper_Session_Ex::isValidToken(false)) {
+ SC_Utils_Ex::sfDispError(INVALID_MOVE_ERRORR);
+ }
+ }
+ }
+
+ /**
*
* 商品取得
* @param array $arrProduct_id
変更: branches/version-2_5-dev/data/class/pages/admin/ownersstore/LC_Page_Admin_OwnersStore_Settings.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/ownersstore/LC_Page_Admin_OwnersStore_Settings.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/ownersstore/LC_Page_Admin_OwnersStore_Settings.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -79,9 +79,6 @@
// ログインチェック
SC_Utils::sfIsSuccess(new SC_Session());
- // トランザクションIDの取得
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
switch($this->getMode()) {
// 入力内容をDBへ登録する
case 'register':
@@ -110,9 +107,6 @@
* @return void
*/
function execRegisterMode() {
- if (SC_Helper_Session_Ex::isValidToken() !== true) {
- SC_Utils_Ex::sfDispError('');
- }
// パラメータオブジェクトの初期化
$this->initRegisterMode();
// POSTされたパラメータの検証
@@ -122,7 +116,6 @@
if (!empty($arrErr)) {
$this->arrErr = $arrErr;
$this->arrForm = $this->objForm->getHashArray();
- $this->transactionid = SC_Helper_Session_Ex::getToken();
return;
}
@@ -133,7 +126,6 @@
$this->arrForm = $arrForm;
$this->tpl_onload = "alert('登録しました。')";
- $this->transactionid = SC_Helper_Session_Ex::getToken();
}
/**
変更: branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/admin/system/LC_Page_Admin_System_Input.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -72,9 +72,6 @@
// ログインチェック
SC_Utils::sfIsSuccess(new SC_Session());
- // トランザクショントークンの取得
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// ページ送りの処理 $_REQUEST['pageno']が信頼しうる値かどうかチェックする。
$this->tpl_pageno = $this->lfCheckPageNo($_REQUEST['pageno']);
@@ -111,9 +108,6 @@
* @return void
*/
function execNewMode() {
- if (SC_Helper_Session_Ex::isValidToken() !== true) {
- SC_Utils::sfDispError('');
- }
$this->objForm = $this->initNewMode();
@@ -131,8 +125,6 @@
$this->arrForm['password'] = '';
// エラー情報をセットする
$this->arrErr = $arrErr;
- // トランザクショントークンの取得
- $this->transactionid = SC_Helper_Session_Ex::getToken();
return;
}
@@ -229,8 +221,6 @@
$this->arrForm['password'] = '';
// エラー情報をセットする
$this->arrErr = $arrErr;
- // トランザクショントークンの取得
- $this->transactionid = SC_Helper_Session_Ex::getToken();
return;
}
変更: branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -89,12 +89,6 @@
$_POST["mode"] = "return";
}
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- }
- }
-
switch ($this->getMode()) {
case 'confirm':
//-- 確認
@@ -133,8 +127,6 @@
default:
break;
}
-
- $this->transactionid = SC_Helper_Session_Ex::getToken();
}
/**
変更: branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry_Complete.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry_Complete.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/entry/LC_Page_Entry_Complete.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -62,11 +62,6 @@
* @return void
*/
function action() {
- // transaction check
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- }
-
// カートが空かどうかを確認する。
$objCartSess = new SC_CartSession();
$this->tpl_cart_empty = count($objCartSess->getCartList()) < 1;
変更: branches/version-2_5-dev/data/class/pages/error/LC_Page_Error.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/error/LC_Page_Error.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/error/LC_Page_Error.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -167,5 +167,12 @@
function destroy() {
parent::destroy();
}
+
+ /**
+ * エラーページではトランザクショントークンの自動検証は行わない
+ */
+ function doValidToken() {
+ // queit.
+ }
}
?>
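Review bot: The empty `doValidToken()` override added at the end of LC_Page_Error turns the automatic transaction-token check into a no-op for this class, yet its docblock only states that validation is skipped and the body comment is the misspelled `// queit.`. The parent implementation is outside this hunk, so this cannot be confirmed here, but any page class that extends LC_Page_Error and accepts a POST would presumably inherit the exemption; the docblock should say why the error page is exempt and that subclasses handling form input must restore the check. I would replace the body comment with something like `// Intentionally empty: this page only displays an error and changes no state, so it must render even when the token is missing or invalid.` and add `@return void` to match the other docblocks in these files. The identical override added to LC_Page_Error_DispError.php in the next hunk needs the same treatment.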
変更: branches/version-2_5-dev/data/class/pages/error/LC_Page_Error_DispError.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/error/LC_Page_Error_DispError.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/error/LC_Page_Error_DispError.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -92,5 +92,12 @@
function destroy() {
parent::destroy();
}
+
+ /**
+ * エラーページではトランザクショントークンの自動検証は行わない
+ */
+ function doValidToken() {
+ // queit.
+ }
}
?>
変更: branches/version-2_5-dev/data/class/pages/forgot/LC_Page_Forgot.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/forgot/LC_Page_Forgot.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/forgot/LC_Page_Forgot.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -85,13 +85,6 @@
* @return void
*/
function action() {
- // 不正アクセスチェック
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- }
- }
-
// パラメータ管理クラス
$objFormParam = new SC_FormParam();
@@ -137,8 +130,6 @@
break;
}
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// ポップアップ用テンプレート設定
if($this->device_type == DEVICE_TYPE_PC) {
$this->setTemplate($this->tpl_mainpage);
変更: branches/version-2_5-dev/data/class/pages/frontparts/LC_Page_FrontParts_LoginCheck.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/frontparts/LC_Page_FrontParts_LoginCheck.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/frontparts/LC_Page_FrontParts_LoginCheck.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -64,12 +64,6 @@
* @return void
*/
function action() {
- // URLチェック
- if ( !SC_Helper_Session_Ex::isValidToken() ) {
- GC_Utils_Ex::gfPrintLog('invalid access :login_check.php $POST["url"]=' . $_POST['url']);
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR);
- }
-
// 会員管理クラス
$objCustomer = new SC_Customer();
// クッキー管理クラス
変更: branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Refusal.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Refusal.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/mypage/LC_Page_Mypage_Refusal.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -70,17 +70,11 @@
break;
case 'complete':
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- }
-
$objCustomer = new SC_Customer();
$this->lfDeleteCustomer($objCustomer->getValue('customer_id'));
$objCustomer->EndSession();
SC_Response_Ex::sendRedirect('refusal_complete.php');
}
- // mobileは確認画面がない
- $this->transactionid = SC_Helper_Session_Ex::getToken();
}
/**
変更: branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Review.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Review.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/products/LC_Page_Products_Review.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -81,12 +81,6 @@
//$objView = new SC_SiteView_Ex();
$objQuery = new SC_Query();
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- }
- }
-
//---- 登録用カラム配列
$arrRegistColumn = array(
array( "column" => "review_id", "convert" => "aKV" ),
@@ -175,7 +169,6 @@
}
- $this->transactionid = SC_Helper_Session_Ex::getToken();
$this->setTemplate($this->tpl_mainpage);
}
変更: branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -105,13 +105,6 @@
}
}
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- exit;
- }
- }
-
switch ($this->getMode()) {
// ログイン実行
case 'login':
@@ -228,8 +221,6 @@
// 入力値の取得
$this->arrForm = $objFormParam->getFormParamList();
- $this->transactionid = SC_Helper_Session_Ex::getToken();
-
// 携帯端末IDが一致する会員が存在するかどうかをチェックする。
if (SC_Display::detectDevice() === DEVICE_TYPE_MOBILE) {
$this->tpl_valid_phone_id = $objCustomer->checkMobilePhoneId();
変更: branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping_Multiple.php
===================================================================
--- branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping_Multiple.php 2011-02-22 08:44:42 UTC (rev 20327)
+++ branches/version-2_5-dev/data/class/pages/shopping/LC_Page_Shopping_Multiple.php 2011-02-22 11:40:42 UTC (rev 20328)
@@ -79,13 +79,6 @@
$objFormParam->setParam($_POST);
$objPurchase->verifyChangeCart($this->tpl_uniqid, $objCartSess);
- if ($_SERVER["REQUEST_METHOD"] == "POST") {
- if (!SC_Helper_Session_Ex::isValidToken()) {
- SC_Utils_Ex::sfDispSiteError(PAGE_ERROR, "", true);
- exit;
- }
- }
-
switch ($this->getMode()) {
case 'confirm':
$this->arrErr = $this->lfCheckError($objFormParam);
@@ -103,7 +96,6 @@
}
$this->arrForm = $objFormParam->getFormParamList();
- $this->transactionid = SC_Helper_Session_Ex::getToken();
}
/**