1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller\Admin\Product; |
||
26 | |||
27 | use Eccube\Application; |
||
28 | use Eccube\Controller\AbstractController; |
||
29 | use Eccube\Entity\Master\CsvType; |
||
30 | use Eccube\Event\EccubeEvents; |
||
31 | use Eccube\Event\EventArgs; |
||
32 | use Symfony\Component\HttpFoundation\Request; |
||
33 | use Symfony\Component\HttpFoundation\StreamedResponse; |
||
34 | use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; |
||
35 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
36 | |||
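class CategoryController extends AbstractController
{
    /**
     * Category admin screen: renders the create/edit form and saves it on POST.
     *
     * Both route parameters are looked up through the repository's find(), so
     * they are bound as query parameters and never interpolated into SQL.
     *
     * NOTE(review): there is no explicit isTokenValid() call on the POST path;
     * presumably the `admin_category` form type carries its own CSRF token
     * (the delete() action below checks the token by hand) — confirm in the
     * form type before relying on it.
     *
     * @param Application $app
     * @param Request     $request
     * @param int|null    $parent_id parent category the new category is created under (route parameter)
     * @param int|null    $id        category being edited (route parameter); null means "create"
     *
     * @return mixed rendered page, or a redirect after a successful save
     *
     * @throws NotFoundHttpException   when $parent_id or $id does not resolve to a category
     * @throws BadRequestHttpException when the resulting level exceeds config `category_nest_level`
     */
    public function index(Application $app, Request $request, $parent_id = null, $id = null)
    {
        $repository = $app['eccube.repository.category'];

        // Resolve the parent from the route, if one was given.
        $Parent = null;
        if ($parent_id) {
            $Parent = $repository->find($parent_id);
            if (!$Parent) {
                throw new NotFoundHttpException('親カテゴリが存在しません');
            }
        }

        if ($id) {
            // Edit: the stored parent of the existing category wins over $parent_id.
            $TargetCategory = $repository->find($id);
            if (!$TargetCategory) {
                throw new NotFoundHttpException('カテゴリが存在しません');
            }
            $Parent = $TargetCategory->getParent();
        } else {
            // Create: one level below the parent, or level 1 at the root.
            $TargetCategory = new \Eccube\Entity\Category();
            $TargetCategory->setParent($Parent);
            $TargetCategory->setLevel($Parent ? $Parent->getLevel() + 1 : 1);
        }

        // Build the form; plugins may alter the builder through the INITIALIZE event.
        $builder = $app['form.factory']->createBuilder('admin_category', $TargetCategory);

        $event = new EventArgs(
            array(
                'builder' => $builder,
                'Parent' => $Parent,
                'TargetCategory' => $TargetCategory,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_PRODUCT_CATEGORY_INDEX_INITIALIZE, $event);

        $form = $builder->getForm();

        if ($request->getMethod() === 'POST') {
            $form->handleRequest($request);
            if ($form->isValid()) {
                // The level is derived server-side above, so exceeding the configured
                // nesting limit can only come from a crafted parent_id; treat it as a bad request.
                if ($app['config']['category_nest_level'] < $TargetCategory->getLevel()) {
                    throw new BadRequestHttpException('リクエストが不正です');
                }
                log_info('カテゴリ登録開始', array($id));
                $status = $repository->save($TargetCategory);

                if ($status) {
                    log_info('カテゴリ登録完了', array($id));

                    $event = new EventArgs(
                        array(
                            'form' => $form,
                            'Parent' => $Parent,
                            'TargetCategory' => $TargetCategory,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_PRODUCT_CATEGORY_INDEX_COMPLETE, $event);

                    $app->addSuccess('admin.category.save.complete', 'admin');

                    // Redirect back to the level that was being edited.
                    if ($Parent) {
                        return $app->redirect($app->url('admin_product_category_show', array('parent_id' => $Parent->getId())));
                    }

                    return $app->redirect($app->url('admin_product_category'));
                }

                log_info('カテゴリ登録エラー', array($id));
                $app->addError('admin.category.save.error', 'admin');
            }
        }

        // Children of the current parent for the list view.
        $Categories = $repository->getList($Parent);

        // Root categories, needed to draw the tree from the top.
        $TopCategories = $repository->getList(null);

        return $app->render('Product/category.twig', array(
            'form' => $form->createView(),
            'Parent' => $Parent,
            'Categories' => $Categories,
            'TopCategories' => $TopCategories,
            'TargetCategory' => $TargetCategory,
        ));
    }

    /**
     * Deletes one category after verifying the CSRF token.
     *
     * An unknown id is not an error: it only produces the generic delete
     * message and a redirect to the category list.
     *
     * @param Application $app
     * @param Request     $request
     * @param int         $id category to delete (route parameter)
     *
     * @return mixed redirect to the parent level, or to the list for a root category
     */
    public function delete(Application $app, Request $request, $id)
    {
        // State-changing action: reject requests without a valid admin token first.
        $this->isTokenValid($app);

        $repository = $app['eccube.repository.category'];

        $TargetCategory = $repository->find($id);
        if (!$TargetCategory) {
            $app->deleteMessage();

            return $app->redirect($app->url('admin_product_category'));
        }
        $Parent = $TargetCategory->getParent();

        log_info('カテゴリ削除開始', array($id));

        $status = $repository->delete($TargetCategory);

        if ($status === true) {
            log_info('カテゴリ削除完了', array($id));

            $event = new EventArgs(
                array(
                    'Parent' => $Parent,
                    'TargetCategory' => $TargetCategory,
                ),
                $request
            );
            $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_PRODUCT_CATEGORY_DELETE_COMPLETE, $event);

            $app->addSuccess('admin.category.delete.complete', 'admin');
        } else {
            log_info('カテゴリ削除エラー', array($id));
            $app->addError('admin.category.delete.error', 'admin');
        }

        if ($Parent) {
            return $app->redirect($app->url('admin_product_category_show', array('parent_id' => $Parent->getId())));
        }

        return $app->redirect($app->url('admin_product_category'));
    }

    /**
     * Re-orders categories from an XHR POST whose body is a map of
     * category id => new rank.
     *
     * The whole POST body is attacker-controllable, so each entry is checked:
     * keys that are not integers are skipped, ids that do not resolve to a
     * category are skipped (the original called setRank() on null, a fatal
     * Error), and a rank that is not an integer aborts with 400 before
     * anything is flushed.
     *
     * NOTE(review): unlike delete(), this action does not call isTokenValid().
     * The isXmlHttpRequest() check relies on the X-Requested-With header,
     * which a cross-site form post cannot set; it holds only while CORS does
     * not allow that header from other origins — consider adding the token.
     *
     * @param Application $app
     * @param Request     $request
     *
     * @return bool always true (Silex turns it into a "1" response body)
     *
     * @throws BadRequestHttpException when a submitted rank is not an integer
     */
    public function moveRank(Application $app, Request $request)
    {
        if ($request->isXmlHttpRequest()) {
            $repository = $app['eccube.repository.category'];
            $em = $app['orm.em'];

            $ranks = $request->request->all();
            foreach ($ranks as $categoryId => $rank) {
                // Numeric string keys arrive as ints; anything else is not a category id.
                if (!is_int($categoryId)) {
                    continue;
                }
                // Validate before persisting so a bad entry never reaches flush().
                if (filter_var($rank, FILTER_VALIDATE_INT) === false) {
                    throw new BadRequestHttpException('リクエストが不正です');
                }

                /* @var $Category \Eccube\Entity\Category */
                $Category = $repository->find($categoryId);
                if (!$Category) {
                    continue;
                }
                $Category->setRank((int) $rank);
                $em->persist($Category);
            }
            $em->flush();
        }

        return true;
    }

    /**
     * Streams all categories as a CSV download.
     *
     * The file name is built from the server clock only, so the
     * Content-Disposition header carries no request-controlled bytes.
     *
     * NOTE(review): cell values come from admin-entered category data; whether
     * the CSV service neutralises a leading `=`, `+`, `-` or `@` (spreadsheet
     * formula injection) is not visible here — confirm in the export service.
     *
     * @param Application $app
     * @param Request     $request
     *
     * @return StreamedResponse
     */
    public function export(Application $app, Request $request)
    {
        // A large catalogue can exceed max_execution_time.
        set_time_limit(0);

        // Stop Doctrine from keeping every query in memory for the whole stream.
        $em = $app['orm.em'];
        $em->getConfiguration()->setSQLLogger(null);

        $response = new StreamedResponse();
        $response->setCallback(function () use ($app, $request) {
            $exporter = $app['eccube.service.csv.export'];

            // Column set is chosen by CSV type.
            $exporter->initCsvType(CsvType::CSV_TYPE_CATEGORY);

            // Header row.
            $exporter->exportHeader();

            $qb = $app['eccube.repository.category']
                ->createQueryBuilder('c')
                ->orderBy('c.rank', 'DESC');

            // Data rows, one per category; plugins may adjust each row via the event.
            $exporter->setExportQueryBuilder($qb);
            $exporter->exportData(function ($entity, $csvService) use ($app, $request) {
                $Csvs = $csvService->getCsvs();

                /** @var $Category \Eccube\Entity\Category */
                $Category = $entity;

                $ExportCsvRow = new \Eccube\Entity\ExportCsvRow();
                foreach ($Csvs as $Csv) {
                    $ExportCsvRow->setData($csvService->getData($Csv, $Category));

                    $event = new EventArgs(
                        array(
                            'csvService' => $csvService,
                            'Csv' => $Csv,
                            'Category' => $Category,
                            'ExportCsvRow' => $ExportCsvRow,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_PRODUCT_CATEGORY_CSV_EXPORT, $event);

                    $ExportCsvRow->pushData();
                }

                $csvService->fputcsv($ExportCsvRow->getRow());
            });
        });

        $now = new \DateTime();
        $filename = 'category_' . $now->format('YmdHis') . '.csv';
        $response->headers->set('Content-Type', 'application/octet-stream');
        $response->headers->set('Content-Disposition', 'attachment; filename=' . $filename);
        // Streams the body right here; the response is still returned so the kernel
        // can finish the request. Presumably StreamedResponse will not run the
        // callback a second time — confirm. Note the log line below is written
        // only after the whole body has gone out.
        $response->send();

        log_info('カテゴリCSV出力ファイル名', array($filename));

        return $response;
    }
}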