svnno****@sourc*****
svnno****@sourc*****
2013年 3月 1日 (金) 16:03:11 JST
Revision: 939 http://sourceforge.jp/projects/p2-php/scm/svn/commits/939 Author: akid Date: 2013-03-01 16:03:11 +0900 (Fri, 01 Mar 2013) Log Message: ----------- p2/ for version 1.8.83 Modified Paths: -------------- p2/trunk/conf/conf_system.inc.php p2/trunk/doc/ChangeLog.txt p2/trunk/editfavita.php p2/trunk/editfavita_i.php p2/trunk/info.php p2/trunk/info_i.php p2/trunk/iphone/ShowBrdMenuK.php p2/trunk/iphone/ShowThreadK.php p2/trunk/iphone/index_print_k.inc.php p2/trunk/js/htmlpopup.js p2/trunk/lib/Login.php p2/trunk/lib/NgAbornCtl.php p2/trunk/lib/ShowThreadK.php p2/trunk/lib/ShowThreadPc.php p2/trunk/lib/ThreadList.php p2/trunk/lib/index_print_k.inc.php p2/trunk/lib/menu.inc.php p2/trunk/login.php p2/trunk/menu_i.php p2/trunk/menu_k.php p2/trunk/setting.php p2/trunk/subject_new.php -------------- next part -------------- Modified: p2/trunk/conf/conf_system.inc.php =================================================================== --- p2/trunk/conf/conf_system.inc.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/conf/conf_system.inc.php 2013-03-01 07:03:11 UTC (rev 939) @@ -3,7 +3,7 @@ // \x82\xB1\x82̃t\x83@\x83C\x83\x8B\x82́A\x93\xC1\x82ɗ\x9D\x97R\x82̖\xB3\x82\xA2\x8C\xC0\x82\xE8\x95ύX\x82\xB5\x82Ȃ\xA2\x82ʼn\xBA\x82\xB3\x82\xA2\x81B // include from conf.inc.php -$_conf['p2version'] = '1.8.82'; // rep2\x82̃o\x81[\x83W\x83\x87\x83\x93 +$_conf['p2version'] = '1.8.83'; // rep2\x82̃o\x81[\x83W\x83\x87\x83\x93 $_conf['p2name'] = 'rep2'; // rep2\x82̖\xBC\x91O\x81B Modified: p2/trunk/doc/ChangeLog.txt =================================================================== --- p2/trunk/doc/ChangeLog.txt 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/doc/ChangeLog.txt 2013-03-01 07:03:11 UTC (rev 939) 
@@ -1,3 +1,11 @@ +2013/03/01 + * rep2 version 1.8.83 + + [\x8FC\x90\xB3] \x81\x9C\x82ʼnߋ\x8E\x83\x8D\x83O\x82\xF0\x8E擾\x82\xB5\x82\xBD\x8E\x9E\x81A>>1\x82\xAA\x95\\x8E\xA6\x82\xB3\x82ꂸ\x81A\x83\x8C\x83X\x94ԍ\x86\x82\xAA\x82\xB8\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xC1\x82\xBD\x83o\x83O\x82\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B + [\x8FC\x90\xB3] \x83X\x83}\x83z\x95\\x8E\xA6\x82Ŕ\xBC\x82\xAA\x95\xB6\x8E\x9A\x89\xBB\x82\xAF\x82\xB7\x82邱\x82Ƃ\xAA\x82\xA0\x82\xC1\x82\xBD\x82̂\xF0\x8FC\x90\xB3\x82\xB5\x82\xBD\x81B + [\x8DX\x90V] \x83\x8C\x83X\x96{\x95\xB6\x82\xCCNG\x82\xA0\x82ځ[\x82\xF1\x91ΏۂƂ\xB5\x82āA\x83\x8C\x83X\x94ԍ\x86\x83\x8A\x83\x93\x83N\x82\xCCHTML\x83R\x81[\x83h\x82\xF0\x8A܂܂Ȃ\xA2\x82悤\x82ɂ\xB5\x82\xBD\x81B + [\x8DX\x90V] \x8AO\x95\x94URL\x82\xCCiframe\x82\xC9sandbox\x91\xAE\x90\xAB\x82\xF0\x92lj\xC1\x82\xB5\x82\xBD\x81B + 2012/12/23 * rep2 version 1.8.82 Modified: p2/trunk/editfavita.php =================================================================== --- p2/trunk/editfavita.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/editfavita.php 2013-03-01 07:03:11 UTC (rev 939) @@ -10,7 +10,7 @@ // {{{ \x93\xC1\x8E\xEA\x82ȑO\x8F\x88\x97\x9D // \x82\xA8\x8BC\x82ɔ̒lj\xC1\x81E\x8D폜\x81A\x95\xC0\x82ёւ\xA6 -if (isset($_GET['setfavita']) or isset($_POST['setfavita']) or isset($_POST['submit_listfavita'])) { +if (isset($_GET['setfavita']) || isset($_POST['setfavita']) || isset($_POST['submit_listfavita'])) { if (!isset($_REQUEST['csrfid']) || !P2Util::checkCsrfId($_REQUEST['csrfid'])) { p2die('\x95s\x90\xB3\x82ȃN\x83G\x83\x8A\x81[\x82ł\xB7\x81iCSRF\x91\xF4\x81j'); Modified: p2/trunk/editfavita_i.php =================================================================== --- p2/trunk/editfavita_i.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/editfavita_i.php 2013-03-01 07:03:11 UTC (rev 939) 
@@ -11,7 +11,7 @@ // {{{ \x93\xC1\x8E\xEA\x82ȑO\x8F\x88\x97\x9D // \x82\xA8\x8BC\x82ɔ̒lj\xC1\x81E\x8D폜\x81A\x95\xC0\x82ёւ\xA6 -if (isset($_GET['setfavita']) or isset($_POST['setfavita']) or isset($_POST['submit_listfavita'])) { +if (isset($_GET['setfavita']) || isset($_POST['setfavita']) || isset($_POST['submit_listfavita'])) { if (!isset($_REQUEST['csrfid']) || !P2Util::checkCsrfId($_REQUEST['csrfid'])) { p2die('\x95s\x90\xB3\x82ȃN\x83G\x83\x8A\x81[\x82ł\xB7\x81iCSRF\x91\xF4\x81j'); Modified: p2/trunk/info.php =================================================================== --- p2/trunk/info.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/info.php 2013-03-01 07:03:11 UTC (rev 939) @@ -331,7 +331,8 @@ UA::getQueryKey() => UA::getQueryValue() ) ), - hs('\x8Cf\x8E\xA6\x94\xC2Cookie\x82\xF0\x8D폜') + hs('\x8Cf\x8E\xA6\x94\xC2Cookie\x82\xF0\x8D폜'), + array('onClick' => "if (!window.confirm('\x8Cf\x8E\xA6\x94\xC2Cookie\x82̍폜\x82\xF0\x8E\xC0\x8Ds\x82\xB5\x82܂\xB7\x82\xA9\x81H')) {return false;}") )); } Modified: p2/trunk/info_i.php =================================================================== --- p2/trunk/info_i.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/info_i.php 2013-03-01 07:03:11 UTC (rev 939) @@ -346,7 +346,8 @@ UA::getQueryKey() => UA::getQueryValue() ) ), - hs('\x8Cf\x8E\xA6\x94\xC2Cookie\x82\xF0\x8D폜') + hs('\x8Cf\x8E\xA6\x94\xC2Cookie\x82\xF0\x8D폜'), + array('onClick' => "if (!window.confirm('\x8Cf\x8E\xA6\x94\xC2Cookie\x82̍폜\x82\xF0\x8E\xC0\x8Ds\x82\xB5\x82܂\xB7\x82\xA9\x81H')) {return false;}") )); } Modified: p2/trunk/iphone/ShowBrdMenuK.php =================================================================== --- p2/trunk/iphone/ShowBrdMenuK.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/iphone/ShowBrdMenuK.php 2013-03-01 07:03:11 UTC (rev 939) 
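Review bot: The `window.confirm()` added in the new `onClick` attribute is only a user-facing guard against accidental clicks; it does nothing against a cross-site request that triggers the board-cookie deletion, since the action is reached by a plain GET link. The start of the query array is outside the hunk, so if it does not already carry `'csrfid' => $csrfid` (as the editfavita.php handlers in this commit require), the server-side `P2Util::checkCsrfId()` check is what should gate the deletion, not the dialog. The identical change in info_i.php @@ -346 has the same caveat.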
@@ -154,7 +154,26 @@ // \x94\xBC\x83v\x83\x8A\x83\x93\x83g if ($i >= $disp_navi['from'] and $i <= $disp_navi['end']) { -echo "<li><a class=\"plus\"href=\"{$_SERVER['SCRIPT_NAME']}?host={$mita->host}&bbs={$mita->bbs}&itaj_en={$mita->itaj_en}&setfavita=1&view=favita{$_conf['k_at_a']}\" ><img src=\"iui/icon_add.png\"></a> <a href=\"{$_conf['subject_php']}?host={$mita->host}&bbs={$mita->bbs}&itaj_en={$mita->itaj_en}{$_conf['k_at_a']}\" >{$mita->itaj_ht}</a></li>"; + $uri = UriUtil::buildQueryUri($_SERVER['SCRIPT_NAME'], array( + 'host' => $mita->host, + 'bbs' => $mita->bbs, + 'itaj_en' => $mita->itaj_en, + 'setfavita' => '1', + 'csrfid' => $csrfid, + 'view' => 'favita', + UA::getQueryKey() => UA::getQueryValue() + )); + $add_atag = P2View::tagA($uri, '<img src="iui/icon_add.png">', array('class' => 'plus')); + + $uri = UriUtil::buildQueryUri($_conf['subject_php'], array( + 'host' => $mita->host, + 'bbs' => $mita->bbs, + 'itaj_en' => $mita->itaj_en, + UA::getQueryKey() => UA::getQueryValue() + )); + $subject_atag = P2View::tagA($uri, $mita->itaj_ht, $subject_attr); + + echo '<li>' . $add_atag . ' ' . $subject_atag . "</li>\n"; } } @@ -303,13 +322,13 @@ hs($itaj), $attr ); - + if (UA::isIPhoneGroup()) { echo '<li>' . $atag . '</li>'; } else { echo $atag . '<br>'; } - + // [<a href="{$_SERVER['SCRIPT_NAME']}?host={$matches[1]}&bbs={$matches[2]}&setfavita=0&csrfid={$csrfid}&view=favita{$_conf['k_at_a']}">\x8D\xED</a>] $show_flag = true; } Modified: p2/trunk/iphone/ShowThreadK.php =================================================================== --- p2/trunk/iphone/ShowThreadK.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/iphone/ShowThreadK.php 2013-03-01 07:03:11 UTC (rev 939) 
@@ -213,7 +213,9 @@ */ $aborned_res = "<span id=\"r{$i}\" name=\"r{$i}\"></span>\n"; - if (false !== $this->checkAborns($nameForAborn, $mail, $id, $msg)) { + $stripped_msg = NgAbornCtl::stripMsg($msg); + + if (false !== $this->checkAborns($nameForAborn, $mail, $id, $stripped_msg)) { return $aborned_res; } @@ -235,7 +237,7 @@ if (false !== $this->ngAbornCheck('ng_id', $id)) { $isNgId = true; } - if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $msg))) { + if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $stripped_msg))) { $isNgMsg = true; } } @@ -515,8 +517,10 @@ $no_trim_id_flag = false; + $stripped_msg = NgAbornCtl::stripMsg($msg); + // \x82\xA0\x82ځ[\x82\xF1\x83`\x83F\x83b\x83N - if (false !== $this->checkAborns($nameForAborn, $mail, $id, $msg)) { + if (false !== $this->checkAborns($nameForAborn, $mail, $id, $stripped_msg)) { $name = $msg = '\x82\xA0\x82ځ[\x82\xF1'; // $date_id $mail = ''; @@ -536,7 +540,7 @@ if (false !== $this->ngAbornCheck('ng_id', $id)) { $isNgId = true; } - if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $msg))) { + if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $stripped_msg))) { $isNgMsg = true; } Modified: p2/trunk/iphone/index_print_k.inc.php =================================================================== --- p2/trunk/iphone/index_print_k.inc.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/iphone/index_print_k.inc.php 2013-03-01 07:03:11 UTC (rev 939) 
@@ -124,9 +124,16 @@ <?php echo P2View::getInputHiddenKTag(); ?> <input type="submit" name="btnG" value="\x95\\x8E\xA6" onClick="<?php echo $urlform_onClick_ht; ?>"> </form> +</ul> -</ul> +<div> +rep2۸ݗpURL\x81iPC\x81j<br> +<a href="<?php eh($p2_login_url_pc); ?>"><?php eh($p2_login_url_pc); ?></a><br> +rep2۸ݗpURL\x81i\x8Cg\x91сj<br> +<a href="<?php eh($p2_login_url_k); ?>"><?php eh($p2_login_url_k); ?></a><br> <br> +</div> + </body> </html> <?php Modified: p2/trunk/js/htmlpopup.js =================================================================== --- p2/trunk/js/htmlpopup.js 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/js/htmlpopup.js 2013-03-01 07:03:11 UTC (rev 939) @@ -6,16 +6,18 @@ //showHtmlDelaySec = 0.2 * 1000; // HTML\x95\\x8E\xA6\x83f\x83B\x83\x8C\x83C\x83^\x83C\x83\x80\x81B\x83}\x83C\x83N\x83\x8D\x95b\x81B +tHtmlPopupUrl = ""; // URL\x83e\x83\x93\x83|\x83\x89\x83\x8A\x95ϐ\x94 +gHtmlPopupUrl = ""; // URL\x83O\x83\x8D\x81[\x83o\x83\x8B\x95ϐ\x94 +tSandbox = 0; // sandbox\x83e\x83\x93\x83|\x83\x89\x83\x8A\x95ϐ\x94 + +// HTML\x83|\x83b\x83v\x83A\x83b\x83v\x82̂\xBD\x82߂Ɏ擾\x82\xB3\x82\xEA\x82\xE9\x83u\x83\x89\x83E\x83U\x89\xE6\x96ʁi\x83X\x83N\x83\x8A\x81[\x83\x93\x81j\x93\xE0\x82ɂ\xA8\x82\xAF\x82\xE9\x83}\x83E\x83X\x82\xCC X, Y\x8D\xC0\x95W +gHtmlPopupMouseX = 0; +gHtmlPopupMouseY = 0; + gShowHtmlTimerID = null; gNodePopup = null; // iframe\x82\xF0\x8Ai\x94[\x82\xB7\x82\xE9div\x97v\x91f //gNodeClose = null; // \x81~\x82\xF0\x8Ai\x94[\x82\xB7\x82\xE9div\x97v\x91f -tHtmlPopupUrl = ""; // URL\x83e\x83\x93\x83|\x83\x89\x83\x8A\x95ϐ\x94 -gHtmlPopupUrl = ""; // URL\x83O\x83\x8D\x81[\x83o\x83\x8B\x95ϐ\x94 -// \x83u\x83\x89\x83E\x83U\x89\xE6\x96ʁi\x83X\x83N\x83\x8A\x81[\x83\x93\x8F\xE3\x81j\x82̃}\x83E\x83X\x82\xCC X, Y\x8D\xC0\x95W -gMouseX = 0; -gMouseY = 0; - iResizable = null; stophide = false; 
@@ -39,10 +41,11 @@ if (!gNodePopup || url != gHtmlPopupUrl) { tHtmlPopupUrl = url; + tSandbox = sandbox; var pointer = getPageXY(ev); - gMouseX = pointer[0]; - gMouseY = pointer[1]; + gHtmlPopupMouseX = pointer[0]; + gHtmlPopupMouseY = pointer[1]; // HTML\x95\\x8E\xA6\x83f\x83B\x83\x8C\x83C\x83^\x83C\x83}\x81[ gShowHtmlTimerID = setTimeout("showHtmlPopUpDo()", showHtmlDelaySec); @@ -58,9 +61,9 @@ { var close_top_adjust = 16; - close_top = Math.min(win_bottom - close_top_adjust, gMouseY + close_top_adjust); + close_top = Math.min(win_bottom - close_top_adjust, gHtmlPopupMouseY + close_top_adjust); if (close_top >= win_bottom - close_top_adjust) { - close_top = gMouseY - close_top_adjust - 12; + close_top = gHtmlPopupMouseY - close_top_adjust - 12; } return close_top; } @@ -84,6 +87,9 @@ if (!gNodePopup) { gNodePopup = document.createElement('iframe'); gNodePopup.setAttribute('id', 'iframespace'); + if (tSandbox) { + gNodePopup.setAttribute('sandbox', 'allow-forms allow-scripts'); + } gNodePopup.style.backgroundColor = "#ffffff"; /* @@ -92,13 +98,13 @@ gNodeClose.setAttribute('onMouseover', "hideHtmlPopUp(ev)"); */ - var closeX = gMouseX + popup_x_adjust - closebox_width; + var closeX = gHtmlPopupMouseX + popup_x_adjust - closebox_width; // IE\x97p if (document.all) { var body = getDocumentBodyIE(); - var iframeX = gMouseX + popup_x_adjust; + var iframeX = gHtmlPopupMouseX + popup_x_adjust; gNodePopup.style.pixelLeft = iframeX; // \x83|\x83b\x83v\x83A\x83b\x83v\x88ʒu iframe\x82\xCCX\x8D\xC0\x95W gNodePopup.style.pixelTop = body.scrollTop; // \x83|\x83b\x83v\x83A\x83b\x83v\x88ʒu iframe\x82\xCCY\x8D\xC0\x95W // document.body.scrollTop \x82\xCD DOCTIYE\x82\xC5 document.documentElement.scrollTop \x82ɂȂ\xE9\x82炵\x82\xA2 
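Review bot: In the @@ -84 hunk the `sandbox` attribute is applied only inside `if (!gNodePopup) {`, i.e. when the iframe is first created, while the @@ -39 hunk shows that `tSandbox = sandbox` is reassigned for every new URL (`if (!gNodePopup || url != gHtmlPopupUrl)`). Unless `gNodePopup` is reset to null whenever the popup is hidden (not visible here), the iframe node is reused, so the first popup decides the sandbox state for all later ones: a sandboxed first popup breaks subsequent non-sandboxed popups, and a non-sandboxed first popup loads later external URLs without the sandbox. Apply the attribute per popup, after the creation block and before the URL is loaded into the iframe (that assignment is outside the hunk), and remove it when `tSandbox` is false; `allow-forms allow-scripts` without `allow-same-origin` is the right set for cross-origin content, so keep the value as is.
```javascript
if (!gNodePopup) {
    gNodePopup = document.createElement('iframe');
    gNodePopup.setAttribute('id', 'iframespace');
    gNodePopup.style.backgroundColor = "#ffffff";
    // … unchanged: rest of the one-time iframe setup …

// after the creation block, before the popup URL is assigned to the iframe:
// (re)apply the sandbox for this popup instead of only at creation time
if (tSandbox) {
    gNodePopup.setAttribute('sandbox', 'allow-forms allow-scripts');
} else {
    gNodePopup.removeAttribute('sandbox');
}
```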
@@ -123,7 +129,7 @@ // DOM\x91Ή\x9E\x97p\x81iMozilla\x81j } else if (document.getElementById) { - var iframeX = gMouseX + popup_x_adjust; + var iframeX = gHtmlPopupMouseX + popup_x_adjust; gNodePopup.style.left = iframeX + "px"; // \x83|\x83b\x83v\x83A\x83b\x83v\x88ʒu iframe\x82\xCCX\x8D\xC0\x95W gNodePopup.style.top = window.pageYOffset + "px"; // \x83|\x83b\x83v\x83A\x83b\x83v\x88ʒu iframe\x82\xCCY\x8D\xC0\x95W Modified: p2/trunk/lib/Login.php =================================================================== --- p2/trunk/lib/Login.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/Login.php 2013-03-01 07:03:11 UTC (rev 939) @@ -62,6 +62,7 @@ } /** + * @access public * @return boolean */ function validLoginId($login_id) @@ -90,7 +91,7 @@ /** * \x83\x8D\x83O\x83C\x83\x93\x83\x86\x81[\x83U\x96\xBC\x82̎w\x92\xE8\x82\xE9 * - * @access public + * @access protected * @return string|null */ function setdownLoginUser() Modified: p2/trunk/lib/NgAbornCtl.php =================================================================== --- p2/trunk/lib/NgAbornCtl.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/NgAbornCtl.php 2013-03-01 07:03:11 UTC (rev 939) @@ -178,12 +178,12 @@ } // \x94`\x83F\x83b\x83N - if ((strlen($bbs) > 0) and isset($v['bbs']) && in_array($bbs, $v['bbs']) == false) { + if (strlen($bbs) and isset($v['bbs']) && in_array($bbs, $v['bbs']) == false) { continue; } // \x83^\x83C\x83g\x83\x8B\x83`\x83F\x83b\x83N - if ((strlen($ttitle_hc) > 0) and isset($v['title']) && stristr($ttitle_hc, $v['title']) === false) { + if (strlen($ttitle_hc) and isset($v['title']) && stristr($ttitle_hc, $v['title']) === false) { continue; } 
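Review bot: The rewritten conditions in the NgAbornCtl.php @@ -178 hunk mix `and` with `&&` and keep a loose `in_array(...) == false`: `strlen($bbs) and isset($v['bbs']) && in_array($bbs, $v['bbs']) == false` only behaves as intended because `&&` binds tighter than `and`, which a reader must know to see that the board filter is skipped when `$bbs` is empty. Use one operator and a negation in both lines: `if (strlen($bbs) && isset($v['bbs']) && !in_array($bbs, $v['bbs'])) {` and `if (strlen($ttitle_hc) && isset($v['title']) && stristr($ttitle_hc, $v['title']) === false) {`; pass `true` as the third argument of `in_array` if the stored board names are always strings. The enclosing loop starts and ends outside the hunk.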
@@ -225,6 +225,16 @@ } /** + * @access public + * @return string + */ + function stripMsg($msg) + { + // <br>\x82͉\xFC\x8Ds\x94\xBB\x92\xE8\x82Ƃ\xB5\x82\xC4NG\x97\x98\x97p\x82\xB3\x82\xEA\x82邱\x82Ƃ\xAA\x82\xA0\x82\xE9\x81B\x83X\x83\x8C\x93\xE0\x83A\x83\x93\x83J\x81[\x83\x8A\x83\x93\x83N\x82͔\xBB\x92菜\x8AO\x82\xB5\x82\xBD\x82\xA2\x81B + return strip_tags($msg, '<br>'); + } + + /** * \x93\xC1\x92背\x83X\x82̓\xA7\x96\xBE\x82\xA0\x82ځ[\x82\xF1\x82\xF0\x83`\x83F\x83b\x83N\x82\xB7\x82\xE9 * * @access public Modified: p2/trunk/lib/ShowThreadK.php =================================================================== --- p2/trunk/lib/ShowThreadK.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/ShowThreadK.php 2013-03-01 07:03:11 UTC (rev 939) @@ -204,7 +204,9 @@ */ $aborned_res = "<span id=\"r{$i}\" name=\"r{$i}\"></span>\n"; - if (false !== $this->checkAborns($nameForAborn, $mail, $id, $msg)) { + $stripped_msg = NgAbornCtl::stripMsg($msg); + + if (false !== $this->checkAborns($nameForAborn, $mail, $id, $stripped_msg)) { return $aborned_res; } @@ -226,7 +228,7 @@ if (false !== $this->ngAbornCheck('ng_id', $id)) { $isNgId = true; } - if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $msg))) { + if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $stripped_msg))) { $isNgMsg = true; } } Modified: p2/trunk/lib/ShowThreadPc.php =================================================================== --- p2/trunk/lib/ShowThreadPc.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/ShowThreadPc.php 2013-03-01 07:03:11 UTC (rev 939) 
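Review bot: `stripMsg()` is declared as a plain instance method (`function stripMsg($msg)`) but every new call site in this commit invokes it statically as `NgAbornCtl::stripMsg($msg)`; PHP 5 flags that with E_STRICT, PHP 7 deprecates it and PHP 8 throws, so unless PHP 4 compatibility is still required it should be `static function stripMsg($msg)`. The docblock also needs the parameter and should say what the filter actually does, since `strip_tags($msg, '<br>')` removes every tag except `<br>`, not only the in-thread anchor links named in the comment: ` * @param string $msg res body as stored (HTML); all tags except <br> are removed before NG/aborn matching`. NG patterns that previously matched on tag markup (e.g. link targets) will no longer match, which is worth stating in the ChangeLog entry as well.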
@@ -147,7 +147,9 @@ // }}} // {{{ \x82\xA0\x82ځ[\x82\xF1\x83`\x83F\x83b\x83N\x81i\x96\xBC\x91O\x81A\x83\x81\x81[\x83\x8B\x81AID\x81A\x83\x81\x83b\x83Z\x81[\x83W\x81j - if (false !== $this->checkAborns($nameForAborn, $mail, $id, $msg)) { + $stripped_msg = NgAbornCtl::stripMsg($msg); + + if (false !== $this->checkAborns($nameForAborn, $mail, $id, $stripped_msg)) { // \x96\xBC\x91O $aborned_res_html = '<dt id="r' . $i . '" class="aborned"><span> </span></dt>' . "\n"; @@ -191,7 +193,7 @@ if (false !== $this->ngAbornCheck('ng_id', $id)) { $isNgId = true; } - if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $msg))) { + if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $stripped_msg))) { $isNgMsg = true; } @@ -416,8 +418,10 @@ $nameForAborn = ''; } + $stripped_msg = NgAbornCtl::stripMsg($msg); + // \x82\xA0\x82ځ[\x82\xF1\x83`\x83F\x83b\x83N - if (false !== $this->checkAborns($nameForAborn, $mail, $id, $msg)) { + if (false !== $this->checkAborns($nameForAborn, $mail, $id, $stripped_msg)) { $name = $msg = '\x82\xA0\x82ځ[\x82\xF1'; // $date_id $mail = ''; // "$i \x81F\x82\xA0\x82ځ[\x82\xF1 \x81F\x82\xA0\x82ځ[\x82\xF1<br>\x82\xA0\x82ځ[\x82\xF1<br>\n" @@ -438,7 +442,7 @@ if (false !== $this->ngAbornCheck('ng_id', $id)) { $isNgId = true; } - if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $msg))) { + if (false !== ($a_ng_msg = $this->ngAbornCheck('ng_msg', $stripped_msg))) { $isNgMsg = true; } @@ -856,9 +860,11 @@ * @access private * @param array|string $url * @param array|string $attr + * @param integer|null $mode + * @param boolean $sandbox * @return string HTML */ - function iframePopup($url, $str, $attr = '', $mode = NULL) + function iframePopup($url, $str, $attr = '', $mode = NULL, $sandbox = false) { global $_conf; 
@@ -895,8 +901,10 @@ // \x83\x8A\x83\x93\x83N\x82̑\xAE\x90\xAB\x82\xC9HTML\x83|\x83b\x83v\x83A\x83b\x83v\x97p\x82̃C\x83x\x83\x93\x83g\x83n\x83\x93\x83h\x83\x89\x82\xF0\x89\xC1\x82\xA6\x82\xE9 $pop_attr = $attr; - $pop_attr .= " onmouseover=\"showHtmlPopUp('" . hs($pop_url_sid) . "', event, " . hs($_conf['iframe_popup_delay']) . ")\""; - $pop_attr .= " onmouseout=\"offHtmlPopUp()\""; + $pop_attr .= sprintf(' onmouseover="showHtmlPopUp(\'%s\', event, %s, %d)"', + hs($pop_url_sid), hs($_conf['iframe_popup_delay']), (int)$sandbox + ); + $pop_attr .= ' onmouseout="offHtmlPopUp()"'; // \x8DŏI\x92\xB2\x90\xAE if (is_null($mode)) { @@ -1080,7 +1088,9 @@ function isNoIframeUri($uri) { // http://www.prh.noaa.gov/ptwc/?region=1&id=pacific.2010.02.28.085650 - if (preg_match('{(?:wikipedia\\.org|twitter\\.com|noaa\\.gov)}', $uri)) { + // X-FRAME-OPTIONS + //if (preg_match('{(?:wikipedia\\.org|twitter\\.com|noaa\\.gov)}', $uri)) { + if (preg_match('{(?:twitter\\.com)}', $uri)) { return true; } return false; @@ -1109,7 +1119,7 @@ } else { $pop_url = $link_url; } - $link = $this->iframePopup(array($link_url, $pop_url), $html, array('target' => $_conf['ext_win_target'])); + $link = $this->iframePopup(array($link_url, $pop_url), $html, array('target' => $_conf['ext_win_target']), null, true); } else { $link = P2View::tagA($link_url, $html, array('target' => $_conf['ext_win_target'])); } 
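Review bot: In the @@ -1080 hunk the new pattern `{(?:twitter\\.com)}` is a substring match over the whole URI, so any URL that merely contains `twitter.com` in its path or query is treated as un-frameable, and the previous pattern is left behind as a commented-out line explained only by `// X-FRAME-OPTIONS`. Match the host instead and drop the dead line: `$host = (string)parse_url($uri, PHP_URL_HOST);` followed by `if (preg_match('/(?:^|\.)twitter\.com$/i', $host)) {`, with the comment rewritten as `// hosts that send X-Frame-Options and therefore cannot be shown in the popup iframe`. `isNoIframeUri()` ends outside the hunk.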
@@ -1131,7 +1141,7 @@ $brocra_pop_url = $brocra_checker_url; } $brocra_checker_link_tag = $this->iframePopup( - array($brocra_checker_url, $brocra_pop_url), hs('\xC1\xAA\xAF\xB8'), $_conf['ext_win_target_at'] + array($brocra_checker_url, $brocra_pop_url), hs('\xC1\xAA\xAF\xB8'), $_conf['ext_win_target_at'], null, true ); } else { $brocra_checker_link_tag = P2View::tagA( Modified: p2/trunk/lib/ThreadList.php =================================================================== --- p2/trunk/lib/ThreadList.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/ThreadList.php 2013-03-01 07:03:11 UTC (rev 939) @@ -69,7 +69,7 @@ * @access public * @return void */ - function setIta($host, $bbs, $itaj = "") + function setIta($host, $bbs, $itaj = '') { if (preg_match('/[<>]/', $host) || preg_match('/[<>]/', $bbs)) { trigger_error(__FUNCTION__, E_USER_WARNING); Modified: p2/trunk/lib/index_print_k.inc.php =================================================================== --- p2/trunk/lib/index_print_k.inc.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/index_print_k.inc.php 2013-03-01 07:03:11 UTC (rev 939) @@ -57,7 +57,6 @@ // \x8CÂ\xA2\x83Z\x83b\x83V\x83\x87\x83\x93ID\x82\xAA\x83L\x83\x83\x83b\x83V\x83\x85\x82\xB3\x82\xEA\x82Ă\xA2\x82邱\x82Ƃ\xF0\x8Dl\x97\xB6\x82\xB5\x82āA\x83\x86\x81[\x83U\x8F\xEE\x95\xF1\x82\xF0\x95t\x89\xC1\x82\xB5\x82Ă\xA8\x82\xAD // \x81i\x83\x8A\x83t\x83@\x83\x89\x82\xF0\x8Dl\x97\xB6\x82\xB5\x82āA\x82\xAF\x82Ȃ\xA2\x82ق\xA4\x82\xAA\x82\xA2\x82\xA2\x8Fꍇ\x82\xE0\x82\xA0\x82\xE9\x82̂Œ\x8D\x88Ӂj - $edit_indexmenuk_atag = P2View::tagA( UriUtil::buildQueryUri('edit_indexmenuk.php', array( 
@@ -134,7 +133,7 @@ <a href="<?php eh($p2_login_url_k); ?>"><?php eh($p2_login_url_k); ?></a><br> p2۸ݗpURL\x81iPC\x81j<br> <a href="<?php eh($p2_login_url_pc); ?>"><?php eh($p2_login_url_pc); ?></a> -<br>p2۸ݗpURL\x81iiPhone\x81j<br> +<br>p2۸ݗpURL\x81i\x83X\x83}\x83z\x81j<br> <a href="<?php eh($p2_login_url_iphone); ?>"><?php eh($p2_login_url_iphone); ?></a> </div> Modified: p2/trunk/lib/menu.inc.php =================================================================== --- p2/trunk/lib/menu.inc.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/lib/menu.inc.php 2013-03-01 07:03:11 UTC (rev 939) @@ -24,6 +24,9 @@ // \x82\xA8\x8BC\x82ɔ̒lj\xC1\x81E\x8D폜 if (isset($_GET['setfavita'])) { + if (!isset($_REQUEST['csrfid']) || !P2Util::checkCsrfId($_REQUEST['csrfid'])) { + p2die('\x95s\x90\xB3\x82ȃN\x83G\x83\x8A\x81[\x82ł\xB7\x81iCSRF\x91\xF4\x81j'); + } require_once P2_LIB_DIR . '/setFavIta.func.php'; setFavIta(); } Modified: p2/trunk/login.php =================================================================== --- p2/trunk/login.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/login.php 2013-03-01 07:03:11 UTC (rev 939) @@ -14,7 +14,7 @@ // \x95\\x8E\xA6\x95\xB6\x8E\x9A $p_str = array( - 'ptitle' => 'rep2\x94F\x8F\x86\x81[\x83U\x8AǗ\x9D', + 'ptitle' => 'rep2\x83\x86\x81[\x83U\x8AǗ\x9D', 'autho_user' => '\x94F\x8F\x86\x81[\x83U', 'logout' => '\x83\x8D\x83O\x83A\x83E\x83g', 'password' => '\x83p\x83X\x83\x8F\x81[\x83h', Modified: p2/trunk/menu_i.php =================================================================== --- p2/trunk/menu_i.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/menu_i.php 2013-03-01 07:03:11 UTC (rev 939) 
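Review bot: The CSRF guard added in the menu.inc.php @@ -24 hunk reads the token from `$_REQUEST` while the action itself is keyed on `$_GET['setfavita']`; `$_REQUEST` also merges `$_POST` and, depending on `request_order`/`variables_order` (the default `EGPCS` includes cookies), `$_COOKIE`, so the token check is looser than the trigger. Reading both from the same array, `if (!isset($_GET['csrfid']) || !P2Util::checkCsrfId($_GET['csrfid'])) {`, keeps the token bound to the request that carries the action. The same pattern is repeated in menu_i.php @@ -24 and menu_k.php @@ -25 and pre-exists in editfavita.php/editfavita_i.php; the enclosing top-level code continues outside the hunk.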
@@ -24,6 +24,9 @@ //============================================================ // \x82\xA8\x8BC\x82ɔ̒lj\xC1\x81E\x8D폜 if (isset($_GET['setfavita'])) { + if (!isset($_REQUEST['csrfid']) || !P2Util::checkCsrfId($_REQUEST['csrfid'])) { + p2die('\x95s\x90\xB3\x82ȃN\x83G\x83\x8A\x81[\x82ł\xB7\x81iCSRF\x91\xF4\x81j'); + } require_once P2_LIB_DIR . '/setFavIta.func.php'; setFavIta(); } Modified: p2/trunk/menu_k.php =================================================================== --- p2/trunk/menu_k.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/menu_k.php 2013-03-01 07:03:11 UTC (rev 939) @@ -25,8 +25,12 @@ //============================================================ // \x82\xA8\x8BC\x82ɔ̒lj\xC1\x81E\x8D폜 if (isset($_GET['setfavita'])) { - require_once P2_LIB_DIR . '/setFavIta.func.php'; - setFavIta(); + if (!isset($_REQUEST['csrfid']) || !P2Util::checkCsrfId($_REQUEST['csrfid'])) { + //p2die('\x95s\x90\xB3\x82ȃN\x83G\x83\x8A\x81[\x82ł\xB7\x81iCSRF\x91\xF4\x81j'); + } else { + require_once P2_LIB_DIR . '/setFavIta.func.php'; + setFavIta(); + } } //================================================================ @@ -79,7 +83,7 @@ // {{{ \x8C\x9F\x8D\x{1433C1}[\x83h\x82\xAA\x82\xA0\x82\xEA\x82\xCE -if (strlen($GLOBALS['word']) > 0) { +if (strlen($GLOBALS['word'])) { ?>\x94\xC2ؽČ\x9F\x8D\x{14C2C9}\xCA <?php Modified: p2/trunk/setting.php =================================================================== --- p2/trunk/setting.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/setting.php 2013-03-01 07:03:11 UTC (rev 939) 
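Review bot: In the menu_k.php @@ -25 hunk a failed CSRF check does nothing — the `p2die()` call is commented out — so a request with a missing or stale `csrfid` silently skips `setFavIta()` with no error and no log entry, unlike the matching handlers in menu.inc.php and menu_i.php in this same commit, which stop with `p2die()`. If a hard stop is undesirable on the keitai UI, record the rejection instead of dropping it, e.g. `trigger_error('setfavita: CSRF check failed', E_USER_WARNING);` in place of the commented-out line, so the behaviour stays observable; otherwise restore the `p2die()` for consistency and delete the commented-out code.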
@@ -93,7 +93,7 @@ ?><ul id="setting_menu"> <li> - <a href="<?php eh($login_uri); ?>">rep2\x83\x8D\x83O\x83C\x83\x93\x8AǗ\x9D</a> + <a href="<?php eh($login_uri); ?>">rep2\x83\x86\x81[\x83U\x8AǗ\x9D</a> </li> <li><a href="<?php eh($login2ch_uri); ?>">2ch\x83\x8D\x83O\x83C\x83\x93\x8AǗ\x9D</a>\x81i\x82\xA2\x82\xED\x82\xE4\x82遜\x81j</li> </ul> Modified: p2/trunk/subject_new.php =================================================================== --- p2/trunk/subject_new.php 2013-03-01 07:02:20 UTC (rev 938) +++ p2/trunk/subject_new.php 2013-03-01 07:03:11 UTC (rev 939) @@ -4,7 +4,8 @@ //\x83t\x83\x8C\x81[\x83\x80\x95\xAA\x8A\x84\x89\xE6\x96ʁA\x89E\x8F㕔\x95\xAA \x96\xB3\x97\x9D\x96\x82\xBE\x82\xAA\x81A\x94\x81\x83j\x83\x85\x81[\x82ŐV\x92\x85\x90\x94\x82\xF0\x92m\x82邽\x82߂Ɏg\x97p\x82\xB5\x82Ă\xA2\x82\xE9 // $shinchaku_num, $_newthre_num \x82\xF0\x83Z\x83b\x83g - + \x81i\x95ϐ\x94\x82̃X\x83R\x81[\x83v\x82͕\xB6\x82\xBD\x82\xA2\x82Ƃ\xB1\x82\xEB\x81j + subject.php \x82ƌZ\x92\xED\x82Ȃ̂ňꏏ\x82ɖʓ|\x82\xF0\x82݂\xE9 $host, $bbs, $spmode \x82\xF0\x82\xA0\x82炩\x82\xB6\x82ߏ\x80\x94\x{142D42}Ă\xA8\x82\xAD @@ -33,7 +34,7 @@ // p2_setting \x90ݒ\xE8 if ($spmode) { - $p2_setting_txt = $_conf['pref_dir'] . "/p2_setting_" . $spmode . ".txt"; + $p2_setting_txt = $_conf['pref_dir'] . '/p2_setting_' . $spmode . '.txt'; } else { $idx_bbs_dir_s = P2Util::idxDirOfHostBbs($host, $bbs); @@ -83,6 +84,7 @@ elseif (isset($_GET['word'])) { $threads_num = $threads_num_max; } elseif ($_conf['ktai']) { $threads_num = $threads_num_max; } + //============================================================ // \x83\x81\x83C\x83\x93 //============================================================ 
@@ -97,8 +99,7 @@
 $aThreadList->setSpMode($spmode);
 } else {
 // if (!$p2_setting['itaj']) { $p2_setting['itaj'] = P2Util::getItaName($host, $bbs); }
-$itaj = isset($p2_setting['itaj']) ? $p2_setting['itaj'] : null;
-$aThreadList->setIta($host, $bbs, $itaj);
+$aThreadList->setIta($host, $bbs, $itaj = isset($p2_setting['itaj']) ? $p2_setting['itaj'] : null);
 // \x83X\x83\x8C\x83b\x83h\x82\xA0\x82ځ[\x82X\x83g\x93Ǎ\x9E
 $ta_keys = P2Util::getThreadAbornKeys($aThreadList->host, $aThreadList->bbs);
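Review bot: The rewritten call folds an assignment into the argument list, `$aThreadList->setIta($host, $bbs, $itaj = isset($p2_setting['itaj']) ? $p2_setting['itaj'] : null);`, which hides that `$itaj` is still being defined (whether it is used later is outside the hunk) and reads like a typo for `==`. Either keep the assignment as its own statement before the call, or, if `$itaj` has no later use, pass the expression directly: `$aThreadList->setIta($host, $bbs, isset($p2_setting['itaj']) ? $p2_setting['itaj'] : null);`. The enclosing `else` block starts outside the hunk.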