1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller\Admin\Setting\Shop; |
||
26 | |||
use Eccube\Application;
use Eccube\Common\Constant;
use Eccube\Controller\AbstractController;
use Eccube\Event\EccubeEvents;
use Eccube\Event\EventArgs;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpFoundation\File\UploadedFile;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
||
36 | |||
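class PaymentController extends AbstractController
{
    /**
     * Lists the payment methods that are not soft-deleted, highest rank first.
     *
     * @param Application $app
     * @param Request     $request
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function index(Application $app, Request $request)
    {
        // Same "active payments" filter as delete(); the listing is ordered by rank.
        $Payments = $app['eccube.repository.payment']->findBy(
            array('del_flg' => Constant::DISABLED),
            array('rank' => 'DESC')
        );

        $event = new EventArgs(
            array(
                'Payments' => $Payments,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SHOP_PAYMENT_INDEX_COMPLETE, $event);

        return $app->render('Setting/Shop/payment.twig', array(
            'Payments' => $Payments,
        ));
    }

    /**
     * Shows the payment edit form and, on a valid POST, saves the payment.
     *
     * @param Application $app
     * @param Request     $request
     * @param int|null    $id      payment id to edit, or null to create a new one
     *
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function edit(Application $app, Request $request, $id = null)
    {
        $Payment = $app['eccube.repository.payment']->findOrCreate($id);

        $builder = $app['form.factory']->createBuilder('payment_register');

        $event = new EventArgs(
            array(
                'builder' => $builder,
                'Payment' => $Payment,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SHOP_PAYMENT_EDIT_INITIALIZE, $event);

        $form = $builder->getForm();
        $form->setData($Payment);

        // Register button pressed
        if ('POST' === $request->getMethod()) {
            $form->handleRequest($request);

            if ($form->isValid()) {
                $PaymentData = $form->getData();

                // When a charge cannot be configured for this payment, force it to 0
                if ((int) $PaymentData->getChargeFlg() === 2) {
                    $PaymentData->setCharge(0);
                }

                // Promote the image uploaded via imageAdd() from the temp dir to the save dir
                $this->moveUploadedImage($app, $form['payment_image']->getData());

                $app['orm.em']->persist($PaymentData);
                $app['orm.em']->flush();

                $event = new EventArgs(
                    array(
                        'form' => $form,
                        'Payment' => $Payment,
                    ),
                    $request
                );
                $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SHOP_PAYMENT_EDIT_COMPLETE, $event);

                $app->addSuccess('admin.register.complete', 'admin');

                return $app->redirect($app->url('admin_setting_shop_payment'));
            }
        }

        return $app->render('Setting/Shop/payment_edit.twig', array(
            'form' => $form->createView(),
            'payment_id' => $id,
            'Payment' => $Payment,
        ));
    }

    /**
     * Moves a previously uploaded payment image from image_temp_realdir to image_save_realdir.
     *
     * The temp filename is generated by imageAdd() and never contains a directory
     * separator, so only the basename of the submitted value is used when building
     * paths: a form value containing "/" or ".." cannot address a file outside the
     * two configured directories.
     *
     * @param Application $app
     * @param string|null $file temp filename submitted with the form; empty when no image was uploaded
     *
     * @return void
     */
    private function moveUploadedImage(Application $app, $file)
    {
        if (!$file) {
            return;
        }

        $file = basename($file);
        $source = $app['config']['image_temp_realdir'] . '/' . $file;

        $fs = new Filesystem();
        if ($fs->exists($source)) {
            $fs->rename($source, $app['config']['image_save_realdir'] . '/' . $file);
        }
    }

    /**
     * Ajax endpoint: stores an uploaded payment image in the temp directory.
     *
     * @param Application $app
     * @param Request     $request
     *
     * @return \Symfony\Component\HttpFoundation\JsonResponse {"filename": string|null}
     *
     * @throws BadRequestHttpException           when not called via XMLHttpRequest or the upload is malformed
     * @throws UnsupportedMediaTypeHttpException when the upload is not an image
     */
    public function imageAdd(Application $app, Request $request)
    {
        if (!$request->isXmlHttpRequest()) {
            throw new BadRequestHttpException();
        }

        $images = $request->files->get('payment_register');
        $filename = null;
        // A crafted multipart body can make this entry a bare file, an array or a failed upload,
        // none of which may reach getMimeType()/move() below.
        if (is_array($images) && isset($images['payment_image_file'])) {
            $image = $images['payment_image_file'];
            if (!$image instanceof UploadedFile || !$image->isValid()) {
                throw new BadRequestHttpException();
            }

            // Validate the file format by content-sniffed MIME type, not by client-supplied name
            $mimeType = (string) $image->getMimeType();
            if (0 !== strpos($mimeType, 'image')) {
                throw new UnsupportedMediaTypeHttpException();
            }

            $extension = $image->guessExtension();
            if (null === $extension) {
                throw new UnsupportedMediaTypeHttpException();
            }

            // Server-generated name: the client's original filename is never used on disk
            $filename = date('mdHis') . uniqid('_') . '.' . $extension;
            $image->move($app['config']['image_temp_realdir'], $filename);
        }

        $event = new EventArgs(
            array(
                'images' => $images,
                'filename' => $filename,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SHOP_PAYMENT_IMAGE_ADD_COMPLETE, $event);
        $filename = $event->getArgument('filename');

        return $app->json(array('filename' => $filename), 200);
    }

    /**
     * Soft-deletes a payment and renumbers the remaining active payments 1..n.
     *
     * @param Application $app
     * @param Request     $request
     * @param int         $id
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function delete(Application $app, Request $request, $id)
    {
        $this->isTokenValid($app);

        $Payment = $app['eccube.repository.payment']->find($id);
        if (!$Payment) {
            $app->deleteMessage();

            return $app->redirect($app->url('admin_setting_shop_payment'));
        }

        // Deleted entries are parked at rank 0; only active entries hold ranks >= 1
        $Payment
            ->setDelFlg(Constant::ENABLED)
            ->setRank(0);
        $app['orm.em']->persist($Payment);

        // Close the gap left by the deleted entry. The loop variable is deliberately
        // not $Payment: that must still be the deleted entity for the event below.
        $rank = 1;
        $Payments = $app['eccube.repository.payment']->findBy(array('del_flg' => Constant::DISABLED), array('rank' => 'ASC'));
        foreach ($Payments as $Other) {
            if ((int) $Other->getId() !== (int) $id) {
                $Other->setRank($rank);
                $rank++;
            }
        }

        $app['orm.em']->flush();

        $event = new EventArgs(
            array(
                'Payment' => $Payment,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_SETTING_SHOP_PAYMENT_DELETE_COMPLETE, $event);

        $app->addSuccess('admin.delete.complete', 'admin');

        return $app->redirect($app->url('admin_setting_shop_payment'));
    }

    /**
     * Moves a payment one position up (rank + 1).
     *
     * @param Application $app
     * @param int         $id
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function up(Application $app, $id)
    {
        return $this->moveRank($app, $id, 1);
    }

    /**
     * Moves a payment one position down (rank - 1).
     *
     * @param Application $app
     * @param int         $id
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    public function down(Application $app, $id)
    {
        return $this->moveRank($app, $id, -1);
    }

    /**
     * Swaps the rank of payment $id with the active payment at rank + $offset.
     *
     * Shared body of up() and down(). Unlike a blind swap, a missing payment or a
     * missing neighbour (already at the top/bottom) redirects instead of failing.
     *
     * @param Application $app
     * @param int         $id
     * @param int         $offset +1 for up, -1 for down
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    private function moveRank(Application $app, $id, $offset)
    {
        $this->isTokenValid($app);

        $repo = $app['orm.em']->getRepository('Eccube\Entity\Payment');

        $current = $repo->find($id);
        if (!$current) {
            $app->deleteMessage();

            return $app->redirect($app->url('admin_setting_shop_payment'));
        }

        $currentRank = $current->getRank();
        $targetRank = $currentRank + $offset;

        // delete() parks removed entries at rank 0, so the swap partner must be an active
        // entry; otherwise a down() from rank 1 would swap with a deleted payment and leave
        // the current one at rank 0.
        $target = $repo->findOneBy(array('rank' => $targetRank, 'del_flg' => Constant::DISABLED));
        if (!$target) {
            // Nothing to swap with: ranks are left unchanged
            return $app->redirect($app->url('admin_setting_shop_payment'));
        }

        $app['orm.em']->persist($target->setRank($currentRank));
        $app['orm.em']->persist($current->setRank($targetRank));
        $app['orm.em']->flush();

        $app->addSuccess('admin.rank.move.complete', 'admin');

        return $app->redirect($app->url('admin_setting_shop_payment'));
    }
}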
||
244 |