[Svn-src-all:2737] [version-2_12-dev 21636] #1697 (LC_Page_Mypage_History au用のセッションキーの受け渡し方法が不適切)

Seasoft admin @ mail.ec-cube.net
2012年 3月 13日 (火) 01:20:56 JST 

Subversion committed to /home/svn/open 21636
http://svn.ec-cube.net/open_trac/changeset/21636
┌────────────────────────────┐
│更新者 :  Seasoft                                      │
│更新日時:  2012-03-13 01:20:55 +0900 (火, 13  3月 2012)│
└────────────────────────────┘

Log:
--------------------------------------------------------
#1697 (LC_Page_Mypage_History au用のセッションキーの受け渡し方法が不適切)
#1613 (typo修正・ソース整形・ソースコメントの改善)
  * HTML エスケープ漏れ

Changed:                      [U:修正,A:追加,D:削除]
--------------------------------------------------------
U   branches/version-2_12-dev/data/Smarty/templates/mobile/mypage/history.tpl
U   branches/version-2_12-dev/data/class/pages/mypage/LC_Page_Mypage_History.php

変更: branches/version-2_12-dev/data/Smarty/templates/mobile/mypage/history.tpl
===================================================================
--- branches/version-2_12-dev/data/Smarty/templates/mobile/mypage/history.tpl	2012-03-12 08:30:31 UTC (rev 21635)
+++ branches/version-2_12-dev/data/Smarty/templates/mobile/mypage/history.tpl	2012-03-12 16:20:55 UTC (rev 21636)
@@ -48,9 +48,9 @@
         <!--{if $orderDetail.product_type_id == $smarty.const.PRODUCT_TYPE_DOWNLOAD}-->
             <!--{if $orderDetail.is_downloadable}-->
                 <!--{if $isAU == false}-->
-                    <a target="_self" href="<!--{$smarty.const.ROOT_URLPATH}-->mypage/download.php?order_id=<!--{$tpl_arrOrderData.order_id}-->&product_id=<!--{$orderDetail.product_id}-->&product_class_id=<!--{$orderDetail.product_class_id}-->">ダウンロード</a><br>
+                    <a target="_self" href="<!--{$smarty.const.ROOT_URLPATH}-->mypage/download.php?order_id=<!--{$tpl_arrOrderData.order_id}-->&amp;product_id=<!--{$orderDetail.product_id}-->&amp;product_class_id=<!--{$orderDetail.product_class_id}-->">ダウンロード</a><br>
                 <!--{else}-->
-                    <object data="<!--{$smarty.const.ROOT_URLPATH}-->mypage/download.php?order_id=<!--{$tpl_arrOrderData.order_id}-->&product_id=<!--{$orderDetail.product_id}-->&product_class_id=<!--{$orderDetail.product_class_id}-->&PHPSESSID=<!--{$phpsessid}-->" copyright="no" standby="ダウンロード" type="<!--{$orderDetail.mime_type}-->">
+                    <object data="<!--{$smarty.const.ROOT_URLPATH}-->mypage/download.php?order_id=<!--{$tpl_arrOrderData.order_id}-->&amp;product_id=<!--{$orderDetail.product_id}-->&amp;product_class_id=<!--{$orderDetail.product_class_id}-->&amp;<!--{$smarty.const.SID}-->" copyright="no" standby="ダウンロード" type="<!--{$orderDetail.mime_type}-->">
                         <param name="title" value="<!--{$orderDetail.down_filename}-->" valuetype="data">
                     </object><br>
                 <!--{/if}-->

変更: branches/version-2_12-dev/data/class/pages/mypage/LC_Page_Mypage_History.php
===================================================================
--- branches/version-2_12-dev/data/class/pages/mypage/LC_Page_Mypage_History.php	2012-03-12 08:30:31 UTC (rev 21635)
+++ branches/version-2_12-dev/data/class/pages/mypage/LC_Page_Mypage_History.php	2012-03-12 16:20:55 UTC (rev 21636)
@@ -207,7 +207,10 @@
         if (SC_Display_Ex::detectDevice() == DEVICE_TYPE_MOBILE && SC_MobileUserAgent::getCarrier() == 'ezweb') {
             // MIMETYPE、ファイル名のセット
             $this->tpl_arrOrderDetail = $this->lfSetMimetype($arrOrderDetails);
+
+            // @deprecated 2.12.0 PHP 定数 SID を使うこと
             $this->phpsessid = $_GET['PHPSESSID'];
+
             $this->isAU = true;
         }
     }

Svn-src-all メーリングリストの案内