1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller\Admin\Content; |
||
26 | |||
27 | use Eccube\Application; |
||
28 | use Eccube\Event\EccubeEvents; |
||
29 | use Eccube\Event\EventArgs; |
||
30 | use Symfony\Component\HttpFoundation\Request; |
||
31 | |||
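class LayoutController
{
    /**
     * Set by preview(): after a successful save, index() redirects to the
     * front-end page with ?preview=1 instead of back to the admin edit screen.
     */
    private $isPreview = false;

    /**
     * Admin screen for arranging blocks on a page layout (PC device type only).
     *
     * GET renders the edit form. POST (when the form validates) replaces the
     * page's block positions with the ones posted as id_N / target_id_N /
     * top_N / anywhere_N fields, then redirects.
     *
     * @param Application $app
     * @param Request     $request
     * @param int         $id     page layout id being edited; 0 when previewing
     * @param int         $origId page layout id used to build the preview redirect
     *
     * @return \Symfony\Component\HttpFoundation\Response|string
     */
    public function index(Application $app, Request $request, $id = 1, $origId = 1)
    {
        $DeviceType = $app['eccube.repository.master.device_type']
            ->find(\Eccube\Entity\Master\DeviceType::DEVICE_TYPE_PC);

        // Page being edited.
        // NOTE(review): if get() returns null for an unknown id, getBlockPositions()
        // below fails with a fatal error — confirm get() throws / 404s instead.
        /* @var $TargetPageLayout \Eccube\Entity\PageLayout */
        $TargetPageLayout = $app['eccube.repository.page_layout']->get($DeviceType, $id);
        $OrigTargetPageLayout = $app['eccube.repository.page_layout']->get($DeviceType, $origId);
        $Blocks = $app['orm.em']->getRepository('Eccube\Entity\Block')
            ->findBy(array(
                'DeviceType' => $DeviceType,
            ));
        $BlockPositions = $TargetPageLayout->getBlockPositions();

        $builderLayout = $app['form.factory']
            ->createBuilder('admin_page_layout');

        // Blocks not placed on this page are listed in the "unused" column.
        $unusedBlocks = $app['eccube.repository.page_layout']->findUnusedBlocks($DeviceType, $id);
        foreach ($unusedBlocks as $unusedBlock) {
            $UnusedBlockPosition = new \Eccube\Entity\BlockPosition();
            $UnusedBlockPosition
                ->setPageId($id)
                ->setTargetId(\Eccube\Entity\PageLayout::TARGET_ID_UNUSED)
                ->setAnywhere(0)
                ->setBlockRow(0)
                ->setBlockId($unusedBlock->getId())
                ->setBlock($unusedBlock)
                ->setPageLayout($TargetPageLayout);
            $TargetPageLayout->addBlockPosition($UnusedBlockPosition);
        }

        // Empty form: the layout data is read from the raw POST below, but
        // handleRequest()/isValid() on this form is what gates the save
        // (presumably this is where the CSRF token is checked — verify in the
        // form configuration before relying on it).
        $builder = $app['form.factory']
            ->createBuilder();

        $event = new EventArgs(
            array(
                'builder' => $builder,
                'builderLayout' => $builderLayout,
                'DeviceType' => $DeviceType,
                'TargetPageLayout' => $TargetPageLayout,
                'OrigTargetPageLayout' => $OrigTargetPageLayout,
                'Blocks' => $Blocks,
                'BlockPositions' => $BlockPositions,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_CONTENT_LAYOUT_INDEX_INITIALIZE, $event);

        $listForm = $builderLayout->getForm();

        $listForm->get('layout')->setData($TargetPageLayout);

        $form = $builder->getForm();

        if ('POST' === $request->getMethod()) {
            $form->handleRequest($request);

            if ($form->isValid()) {
                // Drop the page's current positions (and every non-"anywhere" one)
                // before rebuilding them from the posted fields.
                foreach ($BlockPositions as $BlockPosition) {
                    if ($BlockPosition->getPageId() == $id || $BlockPosition->getAnywhere() == 0) {
                        $TargetPageLayout->removeBlockPosition($BlockPosition);
                        $app['orm.em']->remove($BlockPosition);
                    }
                }
                $app['orm.em']->flush();

                // TODO: use a form collection instead of reading the raw POST.
                $this->persistPostedPositions(
                    $app,
                    $request->request->all(),
                    count($Blocks),
                    $DeviceType,
                    $TargetPageLayout,
                    $id
                );

                $app['orm.em']->persist($TargetPageLayout);
                $app['orm.em']->flush();

                $event = new EventArgs(
                    array(
                        'form' => $form,
                        'DeviceType' => $DeviceType,
                        'TargetPageLayout' => $TargetPageLayout,
                        'OrigTargetPageLayout' => $OrigTargetPageLayout,
                        'Blocks' => $Blocks,
                        'BlockPositions' => $BlockPositions,
                    ),
                    $request
                );
                $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_CONTENT_LAYOUT_INDEX_COMPLETE, $event);

                if ($this->isPreview) {
                    return $this->redirectToPreview($app, $OrigTargetPageLayout);
                }

                $app->addSuccess('admin.register.complete', 'admin');

                return $app->redirect($app->url('admin_content_layout_edit', array('id' => $id)));
            }
        }

        return $app->render('Content/layout.twig', array(
            'form' => $form->createView(),
            'list_form' => $listForm->createView(),
            'TargetPageLayout' => $TargetPageLayout,
        ));
    }

    /**
     * Rebuild the page's block positions from the posted id_N / target_id_N /
     * top_N / anywhere_N fields (N = 0 .. $max-1) and persist them.
     *
     * The POST body is untrusted. Rows with a missing or non-scalar id, rows
     * whose target is "unused", and ids that do not resolve to a Block of this
     * device type are skipped rather than written; previously a missing
     * target_id_N / top_N raised an undefined-index notice and an unknown id
     * persisted a position whose Block was null.
     *
     * @param Application                      $app
     * @param array                            $data             raw POST parameters
     * @param int                              $max              number of rows to inspect
     * @param \Eccube\Entity\Master\DeviceType $DeviceType
     * @param \Eccube\Entity\PageLayout        $TargetPageLayout
     * @param int                              $id               page id; 0 (preview) never owns "anywhere"
     *
     * @return void
     */
    private function persistPostedPositions(Application $app, array $data, $max, $DeviceType, $TargetPageLayout, $id)
    {
        $em = $app['orm.em'];
        $blockRepository = $em->getRepository('Eccube\Entity\Block');
        $positionRepository = $em->getRepository('Eccube\Entity\BlockPosition');

        for ($i = 0; $i < $max; $i++) {
            // No usable block id posted for this row: nothing to INSERT.
            if (!isset($data['id_' . $i]) || !is_scalar($data['id_' . $i])) {
                continue;
            }
            $blockId = (int) $data['id_' . $i];

            // A missing target is treated like "unused"; unused rows are not INSERTed.
            if (!isset($data['target_id_' . $i])
                || $data['target_id_' . $i] == \Eccube\Entity\PageLayout::TARGET_ID_UNUSED
            ) {
                continue;
            }
            $targetId = (int) $data['target_id_' . $i];
            $blockRow = isset($data['top_' . $i]) ? (int) $data['top_' . $i] : 0;

            // A block may be "anywhere" on only one page: if another position
            // already has it as "anywhere", do not INSERT this one.
            $anywhere = (isset($data['anywhere_' . $i]) && $data['anywhere_' . $i] == 1) ? 1 : 0;
            if ($anywhere === 1) {
                $Other = $positionRepository->findBy(array(
                    'anywhere' => 1,
                    'block_id' => $blockId,
                ));
                if (count($Other) > 0) {
                    continue;
                }
            }

            $Block = $blockRepository->findOneBy(array(
                'id' => $blockId,
                'DeviceType' => $DeviceType,
            ));
            if (null === $Block) {
                // The posted id is not a block of this device type: never persist
                // a position that points at a non-existent block.
                continue;
            }

            $BlockPosition = new \Eccube\Entity\BlockPosition();
            $BlockPosition
                ->setPageId($id)
                ->setBlockId($blockId)
                ->setBlockRow($blockRow)
                ->setTargetId($targetId)
                ->setBlock($Block)
                ->setPageLayout($TargetPageLayout)
                ->setAnywhere($id == 0 ? 0 : $anywhere);
            $TargetPageLayout->addBlockPosition($BlockPosition);
            $em->persist($BlockPosition);
        }
    }

    /**
     * Build the response used after saving in preview mode.
     *
     * Pages with edit_flg are routed by name; product_detail additionally needs
     * the id of some published product and yields an empty response when none
     * exists. Other pages are addressed under the user_data route.
     *
     * @param Application               $app
     * @param \Eccube\Entity\PageLayout $OrigTargetPageLayout
     *
     * @return \Symfony\Component\HttpFoundation\Response|string
     */
    private function redirectToPreview(Application $app, $OrigTargetPageLayout)
    {
        $url = $OrigTargetPageLayout->getUrl();

        if (!$OrigTargetPageLayout->getEditFlg()) {
            return $app->redirect($app->url('homepage').$app['config']['user_data_route']."/".$url.'?preview=1');
        }

        if ($url !== 'product_detail') {
            return $app->redirect($app->url($url, array('preview' => 1)));
        }

        // Only one published product is needed; limit the query instead of
        // loading every product and keeping the first.
        $products = $app['eccube.repository.product']->createQueryBuilder('p')
            ->where('p.Status = 1')
            ->setMaxResults(1)
            ->getQuery()
            ->getResult();
        if (count($products) === 0) {
            return '';
        }
        $product = reset($products);

        return $app->redirect($app->url($url, array('preview' => 1, 'id' => $product->getId())));
    }

    /**
     * Save the posted layout against the preview page (id 0) and redirect to
     * the front-end rendering of page $id with ?preview=1.
     *
     * @param Application $app
     * @param Request     $request
     * @param int         $id page layout id to preview
     *
     * @return \Symfony\Component\HttpFoundation\Response|string
     */
    public function preview(Application $app, Request $request, $id)
    {
        $this->isPreview = true;

        return $this->index($app, $request, 0, $id);
    }
}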