[modify]入力パラメータのバリデーション強化

author Habu <habu@users.sourceforge.jp>

Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)

committer Habu <habu@users.sourceforge.jp>

Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)
author Habu <habu@users.sourceforge.jp>
Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)
committer Habu <habu@users.sourceforge.jp>
Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)
diff --git a/score/show_dump.php b/score/show_dump.php

index fc0a94a..d4a020e 100644 (file)
--- a/score/show_dump.php
+++ b/score/show_dump.php
@@ -6,5 +6,10 @@ ini_set('error_log', 'errors/'.pathinfo(__FILE__, PATHINFO_FILENAME).'.log');
  
  require_once "dump_file.inc";
  
-$dump_file = new DumpFile($_GET['score_id']);
-$dump_file->show('dumps', 'txt', 'text/plain; charset=UTF-8');
+$score_id = filter_input(INPUT_GET, 'score_id', FILTER_VALIDATE_INT);
+if ($score_id === FALSE || $score_id === NULL) {
+    http_response_code(404);
+} else {
+    $dump_file = new DumpFile($score_id);
+    $dump_file->show('dumps', 'txt', 'text/plain; charset=UTF-8');
+}
diff --git a/score/show_screen.php b/score/show_screen.php

index 1925181..d6c6ffc 100644 (file)
--- a/score/show_screen.php
+++ b/score/show_screen.php
@@ -6,5 +6,10 @@ ini_set('error_log', 'errors/'.pathinfo(__FILE__, PATHINFO_FILENAME).'.log');
  
  require_once "dump_file.inc";
  
-$dump_file = new DumpFile($_GET['score_id']);
-$dump_file->show('screens', 'html', 'text/html; charset=UTF-8');
+$score_id = filter_input(INPUT_GET, 'score_id', FILTER_VALIDATE_INT);
+if ($score_id === FALSE || $score_id === NULL) {
+    http_response_code(404);
+} else {
+    $dump_file = new DumpFile($score_id);
+    $dump_file->show('screens', 'html', 'text/html; charset=UTF-8');
+}
author	Habu <habu@users.sourceforge.jp>
	Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)
committer	Habu <habu@users.sourceforge.jp>
	Thu, 29 Mar 2018 10:35:12 +0000 (19:35 +0900)
score/show_dump.php		patch \| blob \| history
score/show_screen.php		patch \| blob \| history