Changes for page 学校ページ テンプレート
Last modified by Super Admin on 2026/04/05 18:59
From version
44.1
edited by Super Admin
on 2026/03/13 00:18
on 2026/03/13 00:18
Change comment:
There is no comment for this version
To version
45.1
edited by Super Admin
on 2026/03/13 02:03
on 2026/03/13 02:03
Change comment:
There is no comment for this version
- Page properties
-
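--- a/Content
+++ b/Content
@@ -102,8 +102,12 @@
 
 ## --- 投稿固定/解除処理 ---
 #set($pinAction = $!request.action)
-#if(($pinAction == 'pin' || $pinAction == 'unpin') && ($viewerAccountType == 'admin' || $viewerAccountType == 'verified') && $services.csrf.isTokenValid($request.form_token))
- #set($postObjNum = $mathtool.toInteger($!request.postObj))
+#if(($pinAction == 'pin' || $pinAction == 'unpin') && ($viewerAccountType == 'admin' || ($viewerAccountType == 'verified' && $viewerSchoolCode == $schoolCode)) && $services.csrf.isTokenValid($request.form_token))
+ #set($pinPostObjStr = $!request.postObj)
+ #if(!$pinPostObjStr.matches('^\d+$'))
+ ## 不正な値 → 無視
+ #else
+ #set($postObjNum = $mathtool.toInteger($pinPostObjStr))
 #set($postObj = $doc.getObject('SeitokaiCode.ActivityPostClass', $postObjNum))
 #if($postObj)
 #if($pinAction == 'pin')
@@ -123,12 +123,15 @@
 $response.sendRedirect($doc.getURL('view'))
 #stop
 #end
+ #end## /matches
 #end
 
 ## --- 特色ある活動 選定/解除処理 ---
 #set($featAction = $!request.action)
-#if(($featAction == 'feature' || $featAction == 'unfeature') && ($viewerAccountType == 'admin' || $viewerAccountType == 'verified' || $viewerAccountType == 'referred') && $services.csrf.isTokenValid($request.form_token))
- #set($actObjNum = $mathtool.toInteger($!request.actObj))
+#if(($featAction == 'feature' || $featAction == 'unfeature') && ($viewerAccountType == 'admin' || (($viewerAccountType == 'verified' || $viewerAccountType == 'referred') && $viewerSchoolCode == $schoolCode)) && $services.csrf.isTokenValid($request.form_token))
+ #set($featActObjStr = $!request.actObj)
+ #if($featActObjStr.matches('^\d+$'))
+ #set($actObjNum = $mathtool.toInteger($featActObjStr))
 #set($actObj = $doc.getObject('SeitokaiCode.ActivityClass', $actObjNum))
 #if($actObj)
 #if($featAction == 'feature')
@@ -160,6 +160,7 @@
 $response.sendRedirect($doc.getURL('view'))
 #stop
 #end
+ #end## /matches
 #end
 
 ## --- ユーザー情報取得 ---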
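Review bot: The new same-school test `$viewerSchoolCode == $schoolCode`, added to both the pin `#if` and the feature `#if`, does not require either value to be non-empty, and both variables are assigned outside these hunks. If a verified or referred account can exist without a school code while the page's `$schoolCode` is also blank or unset, the comparison may still evaluate true (null and empty-string handling depends on the Velocity version), and that account would pass the authorization check. Guard it explicitly, for example `"$!viewerSchoolCode" != '' && $viewerSchoolCode == $schoolCode`. The digit check could also be bounded, `^\d{1,9}$`, so the value handed to `$mathtool.toInteger` always fits an int rather than relying on how the tool converts an over-long digit string.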