
Changeset 13654 for OpenPNE


Timestamp:
Aug 11, 2010, 2:57:44 PM (12 years ago)
Author:
imamura623
Message:

google map小窓、及びコメント返信補助機能のXSS対策パッチ適用

Location:
OpenPNE/branches/stable-2.14.x/webapp/modules/pc
Files:
5 edited

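--- a/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/page/h_googlemap.php
+++ b/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/page/h_googlemap.php
@@ -17,14 +17,7 @@
 
         // --- リクエスト変数
-        $x = $requests['x'];
-        $y = $requests['y'];
-        $z = $requests['z'];
         $t = $requests['t'];
-        $q = $requests['q'];
         // ----------
-        $this->set('x', $x);
-        $this->set('y', $y);
-        $this->set('z', $z);
-        $this->set('q', $q);
+
         //表示モード
         {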
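--- a/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/c_event_detail.tpl
+++ b/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/c_event_detail.tpl
@@ -152,7 +152,7 @@
 <div class="title">
 <p class="heading"><strong>({$item.number})</strong>:
- <a href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>
+ <a id="comment-({$item.number})-member" title="({$item.nickname})" href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>
 ({if $c_member_id == $item.c_member_id || $c_member_id == $c_commu.c_member_id_admin || $c_member_id == $c_commu.c_member_id_sub_admin}) <a href="({t_url m=pc a=page_c_event_write_delete_confirm})&amp;target_c_commu_topic_comment_id=({$item.c_commu_topic_comment_id})">削除</a>({/if})
-({if $is_c_commu_member && $is_writable_comment && $smarty.const.USE_RESPONSE_COMMENT}) <a href="javascript:void(0);" onclick="response_comment_format('({$item.nickname})', '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>({/if})</p>
+({if $is_c_commu_member && $is_writable_comment && $smarty.const.USE_RESPONSE_COMMENT}) <a href="javascript:void(0);" onclick="response_comment_format($('comment-({$item.number})-member').getAttribute('title'), '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>({/if})</p>
 </div>
 <div class="body">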
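Review bot: The added `title="({$item.nickname})"` attribute on new line 154 is now the only place the nickname meets markup, so it must be escaped for a double-quoted HTML attribute; no escape modifier is visible on these lines, so this presumably relies on a template-wide default, and it is worth confirming that default encodes `"` as well as `<` and `&`. I would also add a template comment above the reply link so the value is not moved back into the handler later, e.g. `({* nickname is read from the anchor's title at click time; do not interpolate it into onclick *})`. The same two lines are changed in c_topic_detail.tpl and fh_diary.tpl, and the point applies there as well. The comment loop these lines belong to starts and ends outside this section.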
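--- a/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/c_topic_detail.tpl
+++ b/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/c_topic_detail.tpl
@@ -99,7 +99,7 @@
 <div class="title">
 <p class="heading"><strong>({$item.number})</strong>:
- <a href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>
+ <a id="comment-({$item.number})-member" title="({$item.nickname})" href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>
 ({if $c_member_id == $item.c_member_id || $c_member_id == $c_commu.c_member_id_admin || $c_member_id == $c_commu.c_member_id_sub_admin}) <a href="({t_url m=pc a=page_c_topic_write_delete_confirm})&amp;target_c_commu_topic_comment_id=({$item.c_commu_topic_comment_id})">削除</a>({/if})
-({if $is_c_commu_member && $is_writable_comment && $smarty.const.USE_RESPONSE_COMMENT}) <a href="javascript:void(0);" onclick="response_comment_format('({$item.nickname})', '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>({/if})
+({if $is_c_commu_member && $is_writable_comment && $smarty.const.USE_RESPONSE_COMMENT}) <a href="javascript:void(0);" onclick="response_comment_format($('comment-({$item.number})-member').getAttribute('title'), '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>({/if})
 </p>
 </div>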
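--- a/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/fh_diary.tpl
+++ b/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/fh_diary.tpl
@@ -184,9 +184,9 @@
 <div class="title">
 <p class="heading"><strong>({$item.number})</strong>:
-({if $item.nickname}) <a href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>({/if})
+({if $item.nickname}) <a id="comment-({$item.number})-member" title="({$item.nickname})" href="({t_url m=pc a=page_f_home})&amp;target_c_member_id=({$item.c_member_id})">({$item.nickname})</a>({/if})
 ({if $type == 'f' && $item.c_member_id == $member.c_member_id}) <a href="({t_url m=pc a=page_fh_delete_comment})&amp;target_c_diary_id=({$target_diary.c_diary_id})&amp;target_c_diary_comment_id=({$item.c_diary_comment_id})">削除</a>({/if})
 ({if $smarty.const.USE_RESPONSE_COMMENT && $is_writable_comment})
 ({if !$smarty.const.OPENPNE_USE_DIARY_COMMENT || $is_comment_input})
-<a href="javascript:void(0);" onclick="response_comment_format('({$item.nickname})', '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>
+<a href="javascript:void(0);" onclick="response_comment_format($('comment-({$item.number})-member').getAttribute('title'), '({$item.number})', 'comment_box');return false;" ><img src="({t_img_url_skin filename=button_comment})" alt="コメント返信ボタン" /></a>
 ({/if})
 ({/if})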
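Review bot: The handler added on new line 190 reads `$('comment-({$item.number})-member').getAttribute('title')`, but the anchor carrying that id on new line 186 is rendered only inside `({if $item.nickname})`, while the reply button is not under that condition. For a comment with an empty nickname the element is missing, so (assuming `$` is an id lookup that returns null for a missing element) the click throws instead of inserting the reply prefix; the old code passed an empty string in that case. Either put the id on an element that is always rendered, or guard the lookup, e.g. `onclick="var m = $('comment-({$item.number})-member'); response_comment_format(m ? m.getAttribute('title') : '', '({$item.number})', 'comment_box');return false;"`. The enclosing loop continues outside this section.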
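--- a/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/h_googlemap.tpl
+++ b/OpenPNE/branches/stable-2.14.x/webapp/modules/pc/templates/h_googlemap.tpl
@@ -11,4 +11,23 @@
 <script type="text/javascript">
 //<![CDATA[
+
+// parse request parameters
+var request = {
+  x: "", y: "", z: "", q: ""
+};
+var params = window.location.search.substr(1).split('&');
+for (var i = 0; i < params.length; i++) {
+  var parts = params[i].split('=');
+
+  var n = parts[0];
+  var v = decodeURIComponent(parts[1]);
+  if ("z" == n)
+  {
+    v = parseInt(v);
+  }
+  request[n] = v;
+}
+var MapType = ({$MapType});  // It is not user-inputed values
+
 var gls;
 var gMap;
@@ -17,8 +36,8 @@
     var first = gls.results[0];
     var point = new GLatLng(parseFloat(first.lat), parseFloat(first.lng));
-    var zoom = ({$z});
+    var zoom = request.z;
     gMap.addControl(new GSmallMapControl());
     gMap.addControl(new GMapTypeControl());
-    gMap.setMapType(({$MapType}));
+    gMap.setMapType(MapType);
     gMap.setCenter(point, zoom);
     var marker = new GMarker(point);
@@ -28,5 +47,5 @@
 function load() {
     if (GBrowserIsCompatible()) {
-        if ((({$x}) == 0) && (({$y}) == 0)){
+        if ((request.x == 0) && (request.y == 0)){
             gMap = new GMap2(document.getElementById("map"));
             gMap.addControl(new GSmallMapControl());
@@ -36,14 +55,14 @@
             gls.setCenterPoint(gMap);
             gls.setSearchCompleteCallback(null, OnLocalSearch);
-            var q = "({$q})";
+            var q = request.q;
             gls.execute(q);
         } else {
-            var point = new GLatLng(({$x}), ({$y}));
-            var zoom = ({$z});
+            var point = new GLatLng(request.x, request.y);
+            var zoom = request.z;
             gMap = new GMap2(document.getElementById("map"));
             gMap.addControl(new GSmallMapControl());
             gMap.addControl(new GMapTypeControl());
             gMap.setCenter(point, zoom);
-            gMap.setMapType(({$MapType}));
+            gMap.setMapType(MapType);
             var marker = new GMarker(point);
             gMap.addOverlay(marker);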
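Review bot: The query-string parser added on new lines 18–29 copies every parameter name it finds into `request` and calls `decodeURIComponent` unguarded, so a malformed `%` sequence in the URL throws and stops the script before `MapType` is assigned, and unrelated keys from the URL end up on the object. `x` and `y` also stay strings and reach `GLatLng` unconverted, and `parseInt(v)` has no radix; the server-side `$requests` values this replaces were presumably type-checked before reaching the template. I would accept only the four declared keys, skip values that fail to decode or parse, and convert the numeric fields, as below. The comment on new line 30 would read more clearly as `// MapType is set server-side, not taken from the request`.

```javascript
for (var i = 0; i < params.length; i++) {
  var parts = params[i].split('=');
  var n = parts[0];
  // accept only the keys declared in `request` above, and only when a value is present
  if (parts.length < 2 || !Object.prototype.hasOwnProperty.call(request, n)) {
    continue;
  }
  var v;
  try {
    v = decodeURIComponent(parts[1]);
  } catch (e) {
    continue;  // malformed percent-encoding: keep the default
  }
  if ("z" == n) {
    v = parseInt(v, 10);
  } else if ("x" == n || "y" == n) {
    v = parseFloat(v);
  }
  if ("q" != n && isNaN(v)) {
    continue;  // non-numeric coordinate or zoom: keep the default
  }
  request[n] = v;
}
// … unchanged: MapType assignment, gls / gMap declarations …
```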