[Svn-src-all:3596] [version-2_12_3 22508] #2103 モバイルのclasscategory_idのエスケープ漏れを修正

h_yoshimoto admin @ mail.ec-cube.net
2013年 2月 6日 (水) 20:42:11 JST 

Subversion committed to /home/svn/open 22508
http://svn.ec-cube.net/open_trac/changeset/22508
┌────────────────────────────┐
│更新者 :  h_yoshimoto                                  │
│更新日時:  2013-02-06 20:42:11 +0900 (水, 06  2月 2013)│
└────────────────────────────┘

Log:
--------------------------------------------------------
#2103 モバイルのclasscategory_idのエスケープ漏れを修正

Changed:                      [U:修正,A:追加,D:削除]
--------------------------------------------------------
U   branches/version-2_12_3/data/Smarty/templates/mobile/products/select_find2.tpl
U   branches/version-2_12_3/data/Smarty/templates/mobile/products/select_item.tpl

変更: branches/version-2_12_3/data/Smarty/templates/mobile/products/select_find2.tpl
===================================================================
--- branches/version-2_12_3/data/Smarty/templates/mobile/products/select_find2.tpl	2013-02-06 11:32:57 UTC (rev 22507)
+++ branches/version-2_12_3/data/Smarty/templates/mobile/products/select_find2.tpl	2013-02-06 11:42:11 UTC (rev 22508)
@@ -36,7 +36,7 @@
             <!--{html_options options=$arrClassCat2 selected=$arrForm.classcategory_id2.value}-->
         </select><br>
         <input type="hidden" name="mode" value="selectItem">
-        <input type="hidden" name="classcategory_id1" value="<!--{$arrForm.classcategory_id1.value}-->">
+        <input type="hidden" name="classcategory_id1" value="<!--{$arrForm.classcategory_id1.value|h}-->">
         <input type="hidden" name="product_id" value="<!--{$tpl_product_id}-->">
         <center><input type="submit" name="submit" value="次へ"></center>
     </form>

変更: branches/version-2_12_3/data/Smarty/templates/mobile/products/select_item.tpl
===================================================================
--- branches/version-2_12_3/data/Smarty/templates/mobile/products/select_item.tpl	2013-02-06 11:32:57 UTC (rev 22507)
+++ branches/version-2_12_3/data/Smarty/templates/mobile/products/select_item.tpl	2013-02-06 11:42:11 UTC (rev 22508)
@@ -33,8 +33,8 @@
         <input type="hidden" name="<!--{$smarty.const.TRANSACTION_ID_NAME}-->" value="<!--{$transactionid}-->">
         <input type="text" name="quantity" size="3" value="<!--{$arrForm.quantity.value|default:1|h}-->" maxlength=<!--{$smarty.const.INT_LEN}--> istyle="4"><br>
         <input type="hidden" name="mode" value="cart">
-        <input type="hidden" name="classcategory_id1" value="<!--{$arrForm.classcategory_id1.value}-->">
-        <input type="hidden" name="classcategory_id2" value="<!--{$arrForm.classcategory_id2.value}-->">
+        <input type="hidden" name="classcategory_id1" value="<!--{$arrForm.classcategory_id1.value|h}-->">
+        <input type="hidden" name="classcategory_id2" value="<!--{$arrForm.classcategory_id2.value|h}-->">
         <input type="hidden" name="product_id" value="<!--{$tpl_product_id}-->">
         <input type="hidden" name="product_class_id" value="<!--{$tpl_product_class_id}-->">
         <input type="hidden" name="product_type" value="<!--{$tpl_product_type}-->">

Svn-src-all メーリングリストの案内