osCommerceは、データベースで管理された高機能なオンライン・ショップを構築できるオープンソースのサーバ・アプリケーションです。
osCommerce 2.2 MS1 日本語版 (register_globals = Off 対応版)
■このパッケージについて
osCommerce 2.2 MS1 日本語版 R3 を元にPHP 4.1.0から採用された
スーパーグローバル変数を使い「register_globals = Off」の環境
で動作するようにコード変更を行ったものです。
■動作環境
register_globals = Off 対応に伴い PHP 4.1.0以降の環境で動作
します。PHP 4.1.0より古い環境(PHP 4.0.6など)では動作しません。
■インストール方法
ダウンロードしたパッケージの INSTALL_japanese.txt をご参照く
ださい。
■書き換え用スクリプト
・oscommerce-2.2ms1j-R3のディレクトリにShell scriptを作成し、機械的に書き換えます。
#!/bin/sh
find catalog | grep '.php' |
while read file
do
echo "Changing $file"
ed $file <<_ED_EOF >/dev/null 2>&1
g/\$HTTP_GET_VARS/s/\$HTTP_GET_VARS/\$_GET/g
g/\$HTTP_POST_VARS/s/\$HTTP_POST_VARS/\$_POST/g
g/\$HTTP_POST_FILES/s/\$HTTP_POST_FILES/\$_FILES/g
g/\$HTTP_SERVER_VARS/s/\$HTTP_SERVER_VARS/\$_SERVER/g
g/\$HTTP_ENV_VARS/s/\$HTTP_ENV_VARS/\$_ENV/g
g/\$HTTP_COOKIE_VARS/s/\$HTTP_COOKIE_VARS/\$_COOKIE/g
g/\$HTTP_USER_AGENT/s/\$HTTP_USER_AGENT/\$_SERVER\['HTTP_USER_AGENT'\]/g
g/\$HTTP_ACCEPT_ENCODING/s/\$HTTP_ACCEPT_ENCODING/\$_SERVER\['HTTP_ACCEPT_ENCODING'\]/g
g/\$HTTP_REFERER/s/\$HTTP_REFERER/\$_SERVER\['HTTP_REFERER'\]/g
g/\$REMOTE_ADDR/s/\$REMOTE_ADDR/\$_SERVER\['REMOTE_ADDR'\]/g
g/\$REQUEST_URI/s/\$REQUEST_URI/\$_SERVER\['REQUEST_URI'\]/g
g/\$SCRIPT_NAME/s/\$SCRIPT_NAME/\$_SERVER\['SCRIPT_NAME'\]/g
g/\$REQUEST_METHOD/s/\$REQUEST_METHOD/\$_SERVER\['REQUEST_METHOD'\]/g
g/\$QUERY_STRING/s/\$QUERY_STRING/\$_SERVER\['QUERY_STRING'\]/g
g/\$GLOBALS\['REQUEST_URI'\]/s/\$GLOBALS\['REQUEST_URI'\]/\$_SERVER\['REQUEST_URI'\]/g
g/\$GLOBALS\['HTTP_REFERER'\]/s/\$GLOBALS\['HTTP_REFERER'\]/\$_SERVER\['HTTP_REFERER'\]/g
g/\$GLOBALS\['SERVER_NAME'\]/s/\$GLOBALS\['SERVER_NAME'\]/\$_SERVER\['SERVER_NAME'\]/g
g/\$GLOBALS\['shipping'\]/s/\$GLOBALS\['shipping'\]/\$_SESSION\['shipping'\]/g
g/ini_get('register_globals')/s/ini_get/\!ini_get/g
g/\$billto\([][ ,;()-]\)/s/\$billto\([][ ,;()-]\)/\$_SESSION['billto']\1/g
g/\$cart\([][ ,;()-]\)/s/\$cart\([][ ,;()-]\)/\$_SESSION['cart']\1/g
g/\$cartID\([][ ,;()-]\)/s/\$cartID\([][ ,;()-]\)/\$_SESSION['cartID']\1/g
g/\$comments\([][ ,;()-]\)/s/\$comments\([][ ,;()-]\)/\$_SESSION['comments']\1/g
g/\$currency\([][ ,;()-]\)/s/\$currency\([][ ,;()-]\)/\$_SESSION['currency']\1/g
g/\$current_path\([][ ,;()-]\)/s/\$current_path\([][ ,;()-]\)/\$_SESSION['current_path']\1/g
g/\$customer_country_id\([][ ,;()-]\)/s/\$customer_country_id\([][ ,;()-]\)/\$_SESSION['customer_country_id']\1/g
g/\$customer_default_address_id\([][ ,;()-]\)/s/\$customer_default_address_id\([][ ,;()-]\)/\$_SESSION['customer_default_address_id']\1/g
g/\$customer_first_name\([][ ,;()-]\)/s/\$customer_first_name\([][ ,;()-]\)/\$_SESSION['customer_first_name']\1/g
g/\$customer_id\([][ ,;()-]\)/s/\$customer_id\([][ ,;()-]\)/\$_SESSION['customer_id']\1/g
g/\$customer_last_name\([][ ,;()-]\)/s/\$customer_last_name\([][ ,;()-]\)/\$_SESSION['customer_last_name']\1/g
g/\$customer_zone_id\([][ ,;()-]\)/s/\$customer_zone_id\([][ ,;()-]\)/\$_SESSION['customer_zone_id']\1/g
g/\$language\([][ ,;()-]\)/s/\$language\([][ ,;()-]\)/\$_SESSION['language']\1/g
g/\$languages_id\([][ ,;()-]\)/s/\$languages_id\([][ ,;()-]\)/\$_SESSION['languages_id']\1/g
g/\$messageToStack\([][ ,;()-]\)/s/\$messageToStack\([][ ,;()-]\)/\$_SESSION['messageToStack']\1/g
g/\$navigation\([][ ,;()-]\)/s/\$navigation\([][ ,;()-]\)/\$_SESSION['navigation']\1/g
g/\$new_products_id_in_cart\([][ ,;()-]\)/s/\$new_products_id_in_cart\([][ ,;()-]\)/\$_SESSION['new_products_id_in_cart']\1/g
g/\$payment\([][ ,;()-]\)/s/\$payment\([][ ,;()-]\)/\$_SESSION['payment']\1/g
g/\$selected_box\([][ ,;()-]\)/s/\$selected_box\([][ ,;()-]\)/\$_SESSION['selected_box']\1/g
g/\$sendto\([][ ,;()-]\)/s/\$sendto\([][ ,;()-]\)/\$_SESSION['sendto']\1/g
g/\$shipping\([][ ,;()-]\)/s/\$shipping\([][ ,;()-]\)/\$_SESSION['shipping']\1/g
.
w
q
_ED_EOF
done
find admin | grep '.php' |
while read file
do
echo "Changing $file"
ed $file <<_ED_EOF >/dev/null 2>&1
g/\$HTTP_GET_VARS/s/\$HTTP_GET_VARS/\$_GET/g
g/\$HTTP_POST_VARS/s/\$HTTP_POST_VARS/\$_POST/g
g/\$HTTP_POST_FILES/s/\$HTTP_POST_FILES/\$_FILES/g
g/\$HTTP_SERVER_VARS/s/\$HTTP_SERVER_VARS/\$_SERVER/g
g/\$HTTP_ENV_VARS/s/\$HTTP_ENV_VARS/\$_ENV/g
g/\$HTTP_COOKIE_VARS/s/\$HTTP_COOKIE_VARS/\$_COOKIE/g
g/\$HTTP_USER_AGENT/s/\$HTTP_USER_AGENT/\$_SERVER\['HTTP_USER_AGENT'\]/g
g/\$HTTP_ACCEPT_ENCODING/s/\$HTTP_ACCEPT_ENCODING/\$_SERVER\['HTTP_ACCEPT_ENCODING'\]/g
g/\$HTTP_REFERER/s/\$HTTP_REFERER/\$_SERVER\['HTTP_REFERER'\]/g
g/\$REMOTE_ADDR/s/\$REMOTE_ADDR/\$_SERVER\['REMOTE_ADDR'\]/g
g/\$REQUEST_URI/s/\$REQUEST_URI/\$_SERVER\['REQUEST_URI'\]/g
g/\$SCRIPT_NAME/s/\$SCRIPT_NAME/\$_SERVER\['SCRIPT_NAME'\]/g
g/\$REQUEST_METHOD/s/\$REQUEST_METHOD/\$_SERVER\['REQUEST_METHOD'\]/g
g/\$QUERY_STRING/s/\$QUERY_STRING/\$_SERVER\['QUERY_STRING'\]/g
g/\$PHP_SELF/s/\$PHP_SELF/\$_SERVER\['PHP_SELF'\]/g
g/\$GLOBALS\['PHP_SELF'\]/s/\$GLOBALS\['PHP_SELF'\]/\$_SERVER\['PHP_SELF'\]/g
g/\$GLOBALS\['REQUEST_URI'\]/s/\$GLOBALS\['REQUEST_URI'\]/\$_SERVER\['REQUEST_URI'\]/g
g/\$GLOBALS\['HTTP_REFERER'\]/s/\$GLOBALS\['HTTP_REFERER'\]/\$_SERVER\['HTTP_REFERER'\]/g
g/\$GLOBALS\['SERVER_NAME'\]/s/\$GLOBALS\['SERVER_NAME'\]/\$_SERVER\['SERVER_NAME'\]/g
g/\$GLOBALS\['HTTP_POST_VARS'\]/s/\$GLOBALS\['HTTP_POST_VARS'\]/\$_POST/g
g/ini_get('register_globals')/s/ini_get/\!ini_get/g
g/\$billto\([][ ,;()-]\)/s/\$billto\([][ ,;()-]\)/\$_SESSION['billto']\1/g
g/\$cart\([][ ,;()-]\)/s/\$cart\([][ ,;()-]\)/\$_SESSION['cart']\1/g
g/\$cartID\([][ ,;()-]\)/s/\$cartID\([][ ,;()-]\)/\$_SESSION['cartID']\1/g
g/\$comments\([][ ,;()-]\)/s/\$comments\([][ ,;()-]\)/\$_SESSION['comments']\1/g
g/\$currency\([][ ,;()-]\)/s/\$currency\([][ ,;()-]\)/\$_SESSION['currency']\1/g
g/\$current_path\([][ ,;()-]\)/s/\$current_path\([][ ,;()-]\)/\$_SESSION['current_path']\1/g
g/\$customer_country_id\([][ ,;()-]\)/s/\$customer_country_id\([][ ,;()-]\)/\$_SESSION['customer_country_id']\1/g
g/\$customer_default_address_id\([][ ,;()-]\)/s/\$customer_default_address_id\([][ ,;()-]\)/\$_SESSION['customer_default_address_id']\1/g
g/\$customer_first_name\([][ ,;()-]\)/s/\$customer_first_name\([][ ,;()-]\)/\$_SESSION['customer_first_name']\1/g
g/\$customer_id\([][ ,;()-]\)/s/\$customer_id\([][ ,;()-]\)/\$_SESSION['customer_id']\1/g
g/\$customer_last_name\([][ ,;()-]\)/s/\$customer_last_name\([][ ,;()-]\)/\$_SESSION['customer_last_name']\1/g
g/\$customer_zone_id\([][ ,;()-]\)/s/\$customer_zone_id\([][ ,;()-]\)/\$_SESSION['customer_zone_id']\1/g
g/\$language\([][ ,;()-]\)/s/\$language\([][ ,;()-]\)/\$_SESSION['language']\1/g
g/\$languages_id\([][ ,;()-]\)/s/\$languages_id\([][ ,;()-]\)/\$_SESSION['languages_id']\1/g
g/\$messageToStack\([][ ,;()-]\)/s/\$messageToStack\([][ ,;()-]\)/\$_SESSION['messageToStack']\1/g
g/\$navigation\([][ ,;()-]\)/s/\$navigation\([][ ,;()-]\)/\$_SESSION['navigation']\1/g
g/\$new_products_id_in_cart\([][ ,;()-]\)/s/\$new_products_id_in_cart\([][ ,;()-]\)/\$_SESSION['new_products_id_in_cart']\1/g
g/\$payment\([][ ,;()-]\)/s/\$payment\([][ ,;()-]\)/\$_SESSION['payment']\1/g
g/\$selected_box\([][ ,;()-]\)/s/\$selected_box\([][ ,;()-]\)/\$_SESSION['selected_box']\1/g
g/\$sendto\([][ ,;()-]\)/s/\$sendto\([][ ,;()-]\)/\$_SESSION['sendto']\1/g
g/\$shipping\([][ ,;()-]\)/s/\$shipping\([][ ,;()-]\)/\$_SESSION['shipping']\1/g
.
w
q
_ED_EOF
done
■機械的に処理できない箇所を手動で修正します。
・catalog/install/templates/pages/upgrade_3.php
※$_SESSION['currency'] を $currency に戻す
・catalog/includes/classes/language.php
※$_SESSION['language'] を $language に戻す
・catalog/includes/classes/shopping_cart.php
※$_SESSION['cartID'] を $cartID に戻す
・catalog/includes/functions/general.php
※$_SESSION['language'] を $language に戻す
・catalog/includes/functions/sessions.php
※session_register関連の関数を使用しない
function tep_session_register($variable) {
return true;
}
function tep_session_is_registered($variable) {
return isset($_SESSION[$variable]);
}
function tep_session_unregister($variable) {
unset($_SESSION[$variable]);
return true;
}
・catalog/includes/modules/payment/authorizenet.php
※$_SESSION['currency'] を $currency に戻す
・catalog/includes/modules/order_total/ot_shipping.php
48行目を変更
前) $GLOBALS['shipping']['id']
後) $_SESSION['shipping']['id']
・admin/currencies.php
※$_SESSION['currency'] を $currency に戻す
・admin/users.php
47行付近に挿入
if (isset($_POST['execute_new'])) { $execute_new = $_POST['execute_new']; }
if (isset($_POST['execute_insert'])) { $execute_insert = $_POST['execute_insert']; }
if (isset($_POST['execute_update'])) { $execute_update = $_POST['execute_update']; }
if (isset($_POST['execute_delete'])) { $execute_delete = $_POST['execute_delete']; }
if (isset($_POST['execute_grant'])) { $execute_grant = $_POST['execute_grant']; }
if (isset($_POST['execute_reset'])) { $execute_reset = $_POST['execute_reset']; }
・admin/users_log.php
48行付近に挿入
if (isset($_POST['sp'])) { $sp = $_POST['sp']; }
if (isset($_POST['execute_delete'])) { $execute_delete = $_POST['execute_delete']; }
・/admin/newsletters.php
38行目を変更
前) if (empty($module))
後) if (empty($newsletter_module))
272行目を変更
前) $module->send($nInfo->newsletters_id);
後) if (!isset($_GET['selected_box'])) $module->send($nInfo->newsletters_id);
・admin/includes/functions/languages.php
※$_SESSION['language'] を $language に戻す
・admin/includes/functions/sessions.php
※session_register関連の関数を使用しない
function tep_session_register($variable) {
return true;
}
function tep_session_is_registered($variable) {
return isset($_SESSION[$variable]);
}
function tep_session_unregister($variable) {
unset($_SESSION[$variable]);
return true;
}
・admin/includes/classes/user_certify.php
334行目を変更
前) $execute_logout_user
後) $_GET['execute_logout_user']
・スーパーグローバル変数($_GET,$_POST,$_SESSIONなど)をglobal
宣言している箇所をコメントアウトする。
