[Svn-src-all:3912] [version-2_12-dev 22826] #2249 ログイン処理修正

2013年 5月 20日 (月) 14:54:22 JST

Subversion committed to /home/svn/open 22826
http://svn.ec-cube.net/open_trac/changeset/22826
┌────────────────────────────┐
│更新者　:  m_uehara                                     │
│更新日時:  2013-05-20 14:54:22 +0900 (月, 20  5月 2013)│
└────────────────────────────┘

Log:
--------------------------------------------------------
#2249 ログイン処理修正

Changed:                      [U:修正，A:追加，D:削除]
--------------------------------------------------------
U   branches/version-2_12-dev/data/class/helper/SC_Helper_Session.php

変更: branches/version-2_12-dev/data/class/helper/SC_Helper_Session.php
===================================================================

--- branches/version-2_12-dev/data/class/helper/SC_Helper_Session.php	2013-05-19 20:42:41 UTC (rev 22825)
+++ branches/version-2_12-dev/data/class/helper/SC_Helper_Session.php	2013-05-20 05:54:22 UTC (rev 22826)
@@ -215,20 +215,24 @@
      * @return void
      */
     function adminAuthorization() {
-        $masterData = new SC_DB_MasterData_Ex();
-        $arrExcludes = $masterData->getMasterData('mtb_auth_excludes');
-        if (preg_match('|^' . ROOT_URLPATH . ADMIN_DIR . '|', $_SERVER['SCRIPT_NAME'])) {
-            $is_auth = true;
-
-            foreach ($arrExcludes as $exclude) {
-                if (preg_match('|^' . ROOT_URLPATH . ADMIN_DIR . $exclude . '|', $_SERVER['SCRIPT_NAME'])) {
-                    $is_auth = false;
-                    break;
+        if (($script_path = realpath($_SERVER['SCRIPT_FILENAME'])) !== FALSE) {
+            $arrScriptPath = explode('/', str_replace('\\', '/', $script_path));
+            $arrAdminPath = explode('/', str_replace('\\', '/', substr(HTML_REALDIR . ADMIN_DIR, 0, -1)));
+            $arrDiff = array_diff_assoc($arrAdminPath, $arrScriptPath);
+            if (in_array(substr(ADMIN_DIR, 0, -1), $arrDiff)) {
+                return;
+            } else {
+                $masterData = new SC_DB_MasterData_Ex();
+                $arrExcludes = $masterData->getMasterData('mtb_auth_excludes');
+                foreach ($arrExcludes as $exclude) {
+                    $arrExcludesPath = explode('/', str_replace('\\', '/', HTML_REALDIR . ADMIN_DIR . $exclude));
+                    $arrDiff = array_diff_assoc($arrExcludesPath, $arrScriptPath);
+                    if (count($arrDiff) === 0) {
+                        return;
+                    }
                 }
             }
-            if ($is_auth) {
-                SC_Utils_Ex::sfIsSuccess(new SC_Session_Ex());
-            }
         }
+        SC_Utils_Ex::sfIsSuccess(new SC_Session_Ex());
     }
 }


