Merge pull request #1344 from EC-CUBE/fix/security-csrf-delivery-delete

nanasess · web-flow · commit a87c5e2c3af9 · 2026-02-12T18:22:00.000+09:00
Fix CSRF: お届け先削除をPOSTリクエストに限定
diff --git a/data/class/pages/mypage/LC_Page_Mypage_Delivery.php b/data/class/pages/mypage/LC_Page_Mypage_Delivery.php
@@ -33,6 +33,9 @@ class LC_Page_Mypage_Delivery extends LC_Page_AbstractMypage_Ex
     /** @var array */
     public $arrOtherDeliv;
 
+    /** POST に限定する mode */
+    public $arrLimitPostMode = ['delete'];
+
     /**
      * Page を初期化する.
      *

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,9 @@ class LC_Page_Mypage_Delivery extends LC_Page_AbstractMypage_Ex`
`33`	`33`	`/** @var array */`
`34`	`34`	`public $arrOtherDeliv;`
`35`	`35`
	`36`	`+ /** POST に限定する mode */`
	`37`	`+ public $arrLimitPostMode = ['delete'];`
	`38`	`+`
`36`	`39`	`/**`
`37`	`40`	`* Page を初期化する.`
`38`	`41`	`*`