This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller; |
||
26 | |||
27 | use Eccube\Application; |
||
28 | use Eccube\Common\Constant; |
||
29 | use Eccube\Event\EccubeEvents; |
||
30 | use Eccube\Event\EventArgs; |
||
31 | use Eccube\Exception\CartException; |
||
32 | use Symfony\Component\HttpFoundation\Request; |
||
33 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
34 | |||
35 | class ProductController |
||
36 | { |
||
37 | |||
38 | private $title; |
||
39 | |||
40 | 17 | public function __construct() |
|
41 | { |
||
42 | 17 | $this->title = ''; |
|
43 | } |
||
44 | |||
45 | 4 | public function index(Application $app, Request $request) |
|
46 | { |
||
47 | 4 | $BaseInfo = $app['eccube.repository.base_info']->get(); |
|
48 | |||
49 | // Doctrine SQLFilter |
||
50 | 4 | if ($BaseInfo->getNostockHidden() === Constant::ENABLED) { |
|
51 | $app['orm.em']->getFilters()->enable('nostock_hidden'); |
||
52 | } |
||
53 | |||
54 | // handleRequestは空のqueryの場合は無視するため |
||
55 | 4 | if ($request->getMethod() === 'GET') { |
|
56 | 4 | $request->query->set('pageno', $request->query->get('pageno', '')); |
|
57 | } |
||
58 | |||
59 | // searchForm |
||
60 | /* @var $builder \Symfony\Component\Form\FormBuilderInterface */ |
||
61 | 4 | $builder = $app['form.factory']->createNamedBuilder('', 'search_product'); |
|
62 | 4 | $builder->setAttribute('freeze', true); |
|
63 | 4 | $builder->setAttribute('freeze_display_text', false); |
|
64 | 4 | if ($request->getMethod() === 'GET') { |
|
65 | 4 | $builder->setMethod('GET'); |
|
66 | } |
||
67 | |||
68 | 4 | $event = new EventArgs( |
|
69 | array( |
||
70 | 4 | 'builder' => $builder, |
|
71 | ), |
||
72 | $request |
||
73 | ); |
||
74 | 4 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_INITIALIZE, $event); |
|
75 | |||
76 | /* @var $searchForm \Symfony\Component\Form\FormInterface */ |
||
77 | 4 | $searchForm = $builder->getForm(); |
|
78 | |||
79 | 4 | $searchForm->handleRequest($request); |
|
80 | |||
81 | // paginator |
||
82 | 4 | $searchData = $searchForm->getData(); |
|
83 | 4 | $qb = $app['eccube.repository.product']->getQueryBuilderBySearchData($searchData); |
|
84 | |||
85 | 4 | $event = new EventArgs( |
|
86 | array( |
||
87 | 4 | 'searchData' => $searchData, |
|
88 | 4 | 'qb' => $qb, |
|
89 | ), |
||
90 | $request |
||
91 | ); |
||
92 | 4 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_SEARCH, $event); |
|
93 | 4 | $searchData = $event->getArgument('searchData'); |
|
94 | |||
95 | 4 | $pagination = $app['paginator']()->paginate( |
|
96 | $qb, |
||
97 | 4 | !empty($searchData['pageno']) ? $searchData['pageno'] : 1, |
|
98 | 4 | $searchData['disp_number']->getId() |
|
99 | ); |
||
100 | |||
101 | // addCart form |
||
102 | 4 | $forms = array(); |
|
103 | 4 | foreach ($pagination as $Product) { |
|
104 | /* @var $builder \Symfony\Component\Form\FormBuilderInterface */ |
||
105 | 4 | $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array( |
|
106 | 4 | 'product' => $Product, |
|
107 | 'allow_extra_fields' => true, |
||
108 | )); |
||
109 | 4 | $addCartForm = $builder->getForm(); |
|
110 | |||
111 | 4 | if ($request->getMethod() === 'POST' && (string)$Product->getId() === $request->get('product_id')) { |
|
112 | $addCartForm->handleRequest($request); |
||
113 | |||
114 | if ($addCartForm->isValid()) { |
||
115 | $addCartData = $addCartForm->getData(); |
||
116 | |||
117 | try { |
||
118 | $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save(); |
||
119 | } catch (CartException $e) { |
||
120 | $app->addRequestError($e->getMessage()); |
||
121 | } |
||
122 | |||
123 | $event = new EventArgs( |
||
124 | array( |
||
125 | 'form' => $addCartForm, |
||
126 | 'Product' => $Product, |
||
127 | ), |
||
128 | $request |
||
129 | ); |
||
130 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_COMPLETE, $event); |
||
131 | |||
132 | if ($event->getResponse() !== null) { |
||
133 | return $event->getResponse(); |
||
134 | } |
||
135 | |||
136 | return $app->redirect($app->url('cart')); |
||
137 | } |
||
138 | } |
||
139 | |||
140 | 4 | $forms[$Product->getId()] = $addCartForm->createView(); |
|
141 | } |
||
142 | |||
143 | // 表示件数 |
||
144 | 4 | $builder = $app['form.factory']->createNamedBuilder('disp_number', 'product_list_max', null, array( |
|
145 | 4 | 'empty_data' => null, |
|
146 | 'required' => false, |
||
147 | 'label' => '表示件数', |
||
148 | 'allow_extra_fields' => true, |
||
149 | )); |
||
150 | 4 | if ($request->getMethod() === 'GET') { |
|
151 | 4 | $builder->setMethod('GET'); |
|
152 | } |
||
153 | |||
154 | 4 | $event = new EventArgs( |
|
155 | array( |
||
156 | 4 | 'builder' => $builder, |
|
157 | ), |
||
158 | $request |
||
159 | ); |
||
160 | 4 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_DISP, $event); |
|
161 | |||
162 | 4 | $dispNumberForm = $builder->getForm(); |
|
163 | |||
164 | 4 | $dispNumberForm->handleRequest($request); |
|
165 | |||
166 | // ソート順 |
||
167 | 4 | $builder = $app['form.factory']->createNamedBuilder('orderby', 'product_list_order_by', null, array( |
|
168 | 4 | 'empty_data' => null, |
|
169 | 'required' => false, |
||
170 | 'label' => '表示順', |
||
171 | 'allow_extra_fields' => true, |
||
172 | )); |
||
173 | 4 | if ($request->getMethod() === 'GET') { |
|
174 | 4 | $builder->setMethod('GET'); |
|
175 | } |
||
176 | |||
177 | 4 | $event = new EventArgs( |
|
178 | array( |
||
179 | 4 | 'builder' => $builder, |
|
180 | ), |
||
181 | $request |
||
182 | ); |
||
183 | 4 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_ORDER, $event); |
|
184 | |||
185 | 4 | $orderByForm = $builder->getForm(); |
|
186 | |||
187 | 4 | $orderByForm->handleRequest($request); |
|
188 | |||
189 | 4 | $Category = $searchForm->get('category_id')->getData(); |
|
190 | |||
191 | 4 | return $app->render('Product/list.twig', array( |
|
192 | 4 | 'subtitle' => $this->getPageTitle($searchData), |
|
193 | 4 | 'pagination' => $pagination, |
|
194 | 4 | 'search_form' => $searchForm->createView(), |
|
195 | 4 | 'disp_number_form' => $dispNumberForm->createView(), |
|
196 | 4 | 'order_by_form' => $orderByForm->createView(), |
|
197 | 4 | 'forms' => $forms, |
|
198 | 4 | 'Category' => $Category, |
|
199 | )); |
||
200 | } |
||
201 | |||
202 | 13 | public function detail(Application $app, Request $request, $id) |
|
203 | { |
||
204 | 13 | $BaseInfo = $app['eccube.repository.base_info']->get(); |
|
205 | 13 | if ($BaseInfo->getNostockHidden() === Constant::ENABLED) { |
|
206 | $app['orm.em']->getFilters()->enable('nostock_hidden'); |
||
207 | } |
||
208 | |||
209 | /* @var $Product \Eccube\Entity\Product */ |
||
210 | 13 | $Product = $app['eccube.repository.product']->get($id); |
|
211 | 13 | if (!$request->getSession()->has('_security_admin') && $Product->getStatus()->getId() !== 1) { |
|
212 | 1 | throw new NotFoundHttpException(); |
|
213 | } |
||
214 | 13 | if (count($Product->getProductClasses()) < 1) { |
|
215 | throw new NotFoundHttpException(); |
||
216 | } |
||
217 | |||
218 | /* @var $builder \Symfony\Component\Form\FormBuilderInterface */ |
||
219 | 13 | $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array( |
|
220 | 13 | 'product' => $Product, |
|
221 | 'id_add_product_id' => false, |
||
222 | )); |
||
223 | |||
224 | 13 | $event = new EventArgs( |
|
225 | array( |
||
226 | 13 | 'builder' => $builder, |
|
227 | 13 | 'Product' => $Product, |
|
228 | ), |
||
229 | $request |
||
230 | ); |
||
231 | 13 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_INITIALIZE, $event); |
|
232 | |||
233 | /* @var $form \Symfony\Component\Form\FormInterface */ |
||
234 | 13 | $form = $builder->getForm(); |
|
235 | |||
236 | 13 | if ($request->getMethod() === 'POST') { |
|
237 | 9 | $form->handleRequest($request); |
|
238 | |||
239 | 9 | if ($form->isValid()) { |
|
240 | 7 | $addCartData = $form->getData(); |
|
241 | 7 | if ($addCartData['mode'] === 'add_favorite') { |
|
242 | 2 | if ($app->isGranted('ROLE_USER')) { |
|
243 | 2 | $Customer = $app->user(); |
|
244 | 2 | $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product); |
|
245 | 2 | $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId()); |
|
246 | |||
247 | 2 | $event = new EventArgs( |
|
248 | array( |
||
249 | 2 | 'form' => $form, |
|
250 | 2 | 'Product' => $Product, |
|
251 | ), |
||
252 | $request |
||
253 | ); |
||
254 | 2 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_FAVORITE, $event); |
|
255 | |||
256 | 2 | if ($event->getResponse() !== null) { |
|
257 | return $event->getResponse(); |
||
258 | } |
||
259 | |||
260 | 2 | return $app->redirect($app->url('product_detail', array('id' => $Product->getId()))); |
|
261 | } else { |
||
262 | // 非会員の場合、ログイン画面を表示 |
||
263 | // ログイン後の画面遷移先を設定 |
||
264 | $app->setLoginTargetPath($app->url('product_detail', array('id' => $Product->getId()))); |
||
265 | $app['session']->getFlashBag()->set('eccube.add.favorite', true); |
||
266 | return $app->redirect($app->url('mypage_login')); |
||
267 | } |
||
268 | 5 | } elseif ($addCartData['mode'] === 'add_cart') { |
|
0 ignored issues
–
show
Coding Style
introduced
by
Loading history...
|
|||
269 | |||
270 | 5 | log_info('カート追加処理開始', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity'])); |
|
271 | |||
272 | try { |
||
273 | 5 | $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save(); |
|
274 | 1 | } catch (CartException $e) { |
|
275 | 1 | log_info('カート追加エラー', array($e->getMessage())); |
|
276 | 1 | $app->addRequestError($e->getMessage()); |
|
277 | } |
||
278 | |||
279 | 5 | log_info('カート追加処理完了', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity'])); |
|
280 | |||
281 | 5 | $event = new EventArgs( |
|
282 | array( |
||
283 | 5 | 'form' => $form, |
|
284 | 5 | 'Product' => $Product, |
|
285 | ), |
||
286 | $request |
||
287 | ); |
||
288 | 5 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_COMPLETE, $event); |
|
289 | |||
290 | 5 | if ($event->getResponse() !== null) { |
|
291 | return $event->getResponse(); |
||
292 | } |
||
293 | |||
294 | 7 | return $app->redirect($app->url('cart')); |
|
295 | } |
||
296 | } |
||
297 | } else { |
||
298 | 11 | $addFavorite = $app['session']->getFlashBag()->get('eccube.add.favorite'); |
|
299 | 11 | if (!empty($addFavorite)) { |
|
300 | // お気に入り登録時にログインされていない場合、ログイン後にお気に入り追加処理を行う |
||
301 | if ($app->isGranted('ROLE_USER')) { |
||
302 | $Customer = $app->user(); |
||
303 | $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product); |
||
304 | $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId()); |
||
305 | } |
||
306 | } |
||
307 | } |
||
308 | |||
309 | 12 | $is_favorite = false; |
|
310 | 12 | if ($app->isGranted('ROLE_USER')) { |
|
311 | 2 | $Customer = $app->user(); |
|
312 | 2 | $is_favorite = $app['eccube.repository.customer_favorite_product']->isFavorite($Customer, $Product); |
|
313 | } |
||
314 | |||
315 | 12 | return $app->render('Product/detail.twig', array( |
|
316 | 12 | 'title' => $this->title, |
|
317 | 12 | 'subtitle' => $Product->getName(), |
|
318 | 12 | 'form' => $form->createView(), |
|
319 | 12 | 'Product' => $Product, |
|
320 | 12 | 'is_favorite' => $is_favorite, |
|
321 | )); |
||
322 | } |
||
323 | |||
324 | /** |
||
325 | * ページタイトルの設定 |
||
326 | * |
||
327 | * @param null|array $searchData |
||
328 | * @return str |
||
329 | */ |
||
330 | 4 | private function getPageTitle($searchData) |
|
331 | { |
||
332 | 4 | if (isset($searchData['name']) && !empty($searchData['name'])) { |
|
333 | return '検索結果'; |
||
334 | 4 | } elseif (isset($searchData['category_id']) && $searchData['category_id']) { |
|
335 | 1 | return $searchData['category_id']->getName(); |
|
336 | } else { |
||
337 | 3 | return '全商品'; |
|
338 | } |
||
339 | } |
||
340 | } |
||
341 |