From 40b6f72f0f07c5a8804958451db6e47a1c969d97 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E3=81=AE=E3=81=B6?= <nobuhiko.kimoto@gmail.com>
Date: Fri, 16 Nov 2018 21:13:45 +0900
Subject: [PATCH] =?UTF-8?q?fixed=20#234=20admin=E3=82=92=E7=A6=81=E6=AD=A2?=
 =?UTF-8?q?=E3=81=AB=E3=81=99=E3=82=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../pages/admin/system/LC_Page_Admin_System_AdminArea.php  | 7 +++++--
 html/admin/.htaccess                                       | 4 ++++
 html/install/index.php                                     | 5 ++++-
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 html/admin/.htaccess

diff --git a/data/class/pages/admin/system/LC_Page_Admin_System_AdminArea.php b/data/class/pages/admin/system/LC_Page_Admin_System_AdminArea.php
index 5e43a830d4..a45fa842da 100644
--- a/data/class/pages/admin/system/LC_Page_Admin_System_AdminArea.php
+++ b/data/class/pages/admin/system/LC_Page_Admin_System_AdminArea.php
@@ -136,9 +136,12 @@ public function lfCheckAdminArea(&$arrForm, &$arrErr)
 
         $installData = file(CONFIG_REALFILE, FILE_IGNORE_NEW_LINES);
         foreach ($installData as $key=>$line) {
-            if (strpos($line, 'ADMIN_DIR') !== false and ADMIN_DIR != $admin_dir) {
+            if (strpos($line, 'ADMIN_DIR') !== false && ADMIN_DIR != $admin_dir) {
+                if ($admin_dir == 'admin/') {
+                    $arrErr['admin_dir'] .= '別のディレクトリ名を指定してください。';
+                }
                 //既存ディレクトリのチェック
-                if (file_exists(HTML_REALDIR . $admin_dir) and $admin_dir != 'admin/') {
+                if (file_exists(HTML_REALDIR . $admin_dir) && $admin_dir != 'admin/') {
                     $arrErr['admin_dir'] .= ROOT_URLPATH . $admin_dir . 'は既に存在しています。別のディレクトリ名を指定してください。';
                 }
                 //権限チェック
diff --git a/html/admin/.htaccess b/html/admin/.htaccess
new file mode 100644
index 0000000000..afa6d16d4d
--- /dev/null
+++ b/html/admin/.htaccess
@@ -0,0 +1,4 @@
+#AuthType Basic
+#AuthName "secret area"
+#AuthUserFile /.htpasswd
+#Require valid-user
diff --git a/html/install/index.php b/html/install/index.php
index f72d83d323..8e25e898d1 100644
--- a/html/install/index.php
+++ b/html/install/index.php
@@ -790,7 +790,10 @@ function lfCheckWebError($objWebParam)
     $oldAdminDir = SC_Utils_Ex::sfTrimURL(ADMIN_DIR);
     $newAdminDir = $objWebParam->getValue('admin_dir');
     if ($newAdminDir) {
-        if ($oldAdminDir !== $newAdminDir AND file_exists(HTML_REALDIR . $newAdminDir) and $newAdminDir != 'admin') {
+        if ($newAdminDir == 'admin') { // admin を禁止する
+            $objErr->arrErr['admin_dir'] = '※ 別の名前を指定してください。';
+
+        } else if ($oldAdminDir !== $newAdminDir AND file_exists(HTML_REALDIR . $newAdminDir) and $newAdminDir != 'admin') {
             $objErr->arrErr['admin_dir'] = '※ 指定した管理機能ディレクトリは既に存在しています。別の名前を指定してください。';
         }
     }