Issues in ProductController.php (master) - Issues in master - EC-CUBE/ec-cube - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2687)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Eccube/Controller/ProductController.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Hama 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


namespace Eccube\Controller;

use Eccube\Application;
use Eccube\Common\Constant;
use Eccube\Event\EccubeEvents;
use Eccube\Event\EventArgs;
use Eccube\Exception\CartException;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;

class ProductController
{

    private $title;

    public function __construct()
    {
        $this->title = '';
    }

    public function index(Application $app, Request $request)
    {
        $BaseInfo = $app['eccube.repository.base_info']->get();

        // Doctrine SQLFilter
        if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
            $app['orm.em']->getFilters()->enable('nostock_hidden');
        }

        // handleRequestは空のqueryの場合は無視するため
        if ($request->getMethod() === 'GET') {
            $request->query->set('pageno', $request->query->get('pageno', ''));
        }

        // searchForm
        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']->createNamedBuilder('', 'search_product');
        $builder->setAttribute('freeze', true);
        $builder->setAttribute('freeze_display_text', false);
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_INITIALIZE, $event);

        /* @var $searchForm \Symfony\Component\Form\FormInterface */
        $searchForm = $builder->getForm();

        $searchForm->handleRequest($request);

        // paginator
        $searchData = $searchForm->getData();
        $qb = $app['eccube.repository.product']->getQueryBuilderBySearchData($searchData);

        $event = new EventArgs(
            array(
                'searchData' => $searchData,
                'qb' => $qb,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_SEARCH, $event);
        $searchData = $event->getArgument('searchData');

        $pagination = $app['paginator']()->paginate(
            $qb,
            !empty($searchData['pageno']) ? $searchData['pageno'] : 1,
            $searchData['disp_number']->getId()
        );

        // addCart form
        $forms = array();
        foreach ($pagination as $Product) {
            /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
            $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
                'product' => $Product,
                'allow_extra_fields' => true,
            ));
            $addCartForm = $builder->getForm();

            if ($request->getMethod() === 'POST' && (string)$Product->getId() === $request->get('product_id')) {
                $addCartForm->handleRequest($request);

                if ($addCartForm->isValid()) {
                    $addCartData = $addCartForm->getData();

                    try {
                        $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
                    } catch (CartException $e) {
                        $app->addRequestError($e->getMessage());
                    }

                    $event = new EventArgs(
                        array(
                            'form' => $addCartForm,
                            'Product' => $Product,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_COMPLETE, $event);

                    if ($event->getResponse() !== null) {
                        return $event->getResponse();
                    }

                    return $app->redirect($app->url('cart'));
                }
            }

            $forms[$Product->getId()] = $addCartForm->createView();
        }

        // 表示件数
        $builder = $app['form.factory']->createNamedBuilder('disp_number', 'product_list_max', null, array(
            'empty_data' => null,
            'required' => false,
            'label' => '表示件数',
            'allow_extra_fields' => true,
        ));
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_DISP, $event);

        $dispNumberForm = $builder->getForm();

        $dispNumberForm->handleRequest($request);

        // ソート順
        $builder = $app['form.factory']->createNamedBuilder('orderby', 'product_list_order_by', null, array(
            'empty_data' => null,
            'required' => false,
            'label' => '表示順',
            'allow_extra_fields' => true,
        ));
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_ORDER, $event);

        $orderByForm = $builder->getForm();

        $orderByForm->handleRequest($request);

        $Category = $searchForm->get('category_id')->getData();

        return $app->render('Product/list.twig', array(
            'subtitle' => $this->getPageTitle($searchData),
            'pagination' => $pagination,
            'search_form' => $searchForm->createView(),
            'disp_number_form' => $dispNumberForm->createView(),
            'order_by_form' => $orderByForm->createView(),
            'forms' => $forms,
            'Category' => $Category,
        ));
    }

    public function detail(Application $app, Request $request, $id)
    {
        $BaseInfo = $app['eccube.repository.base_info']->get();
        if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
            $app['orm.em']->getFilters()->enable('nostock_hidden');
        }

        /* @var $Product \Eccube\Entity\Product */
        $Product = $app['eccube.repository.product']->get($id);
        if (!$request->getSession()->has('_security_admin') && $Product->getStatus()->getId() !== 1) {
            throw new NotFoundHttpException();
        }
        if (count($Product->getProductClasses()) < 1) {
            throw new NotFoundHttpException();
        }

        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
            'product' => $Product,
            'id_add_product_id' => false,
        ));

        $event = new EventArgs(
            array(
                'builder' => $builder,
                'Product' => $Product,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_INITIALIZE, $event);

        /* @var $form \Symfony\Component\Form\FormInterface */
        $form = $builder->getForm();

        if ($request->getMethod() === 'POST') {
            $form->handleRequest($request);

            if ($form->isValid()) {
                $addCartData = $form->getData();
                if ($addCartData['mode'] === 'add_favorite') {
                    if ($app->isGranted('ROLE_USER')) {
                        $Customer = $app->user();
                        $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
                        $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());

                        $event = new EventArgs(
                            array(
                                'form' => $form,
                                'Product' => $Product,
                            ),
                            $request
                        );
                        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_FAVORITE, $event);

                        if ($event->getResponse() !== null) {
                            return $event->getResponse();
                        }

                        return $app->redirect($app->url('product_detail', array('id' => $Product->getId())));
                    } else {
                        // 非会員の場合、ログイン画面を表示
                        //  ログイン後の画面遷移先を設定
                        $app->setLoginTargetPath($app->url('product_detail', array('id' => $Product->getId())));
                        $app['session']->getFlashBag()->set('eccube.add.favorite', true);
                        return $app->redirect($app->url('mypage_login'));
                    }
                } elseif ($addCartData['mode'] === 'add_cart') {


                    log_info('カート追加処理開始', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));

                    try {
                        $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
                    } catch (CartException $e) {
                        log_info('カート追加エラー', array($e->getMessage()));
                        $app->addRequestError($e->getMessage());
                    }

                    log_info('カート追加処理完了', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));

                    $event = new EventArgs(
                        array(
                            'form' => $form,
                            'Product' => $Product,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_COMPLETE, $event);

                    if ($event->getResponse() !== null) {
                        return $event->getResponse();
                    }

                    return $app->redirect($app->url('cart'));
                }
            }
        } else {
            $addFavorite = $app['session']->getFlashBag()->get('eccube.add.favorite');
            if (!empty($addFavorite)) {
                // お気に入り登録時にログインされていない場合、ログイン後にお気に入り追加処理を行う
                if ($app->isGranted('ROLE_USER')) {
                    $Customer = $app->user();
                    $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
                    $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());
                }
            }
        }

        $is_favorite = false;
        if ($app->isGranted('ROLE_USER')) {
            $Customer = $app->user();
            $is_favorite = $app['eccube.repository.customer_favorite_product']->isFavorite($Customer, $Product);
        }

        return $app->render('Product/detail.twig', array(
            'title' => $this->title,
            'subtitle' => $Product->getName(),
            'form' => $form->createView(),
            'Product' => $Product,
            'is_favorite' => $is_favorite,
        ));
    }

    /**
     * ページタイトルの設定
     *
     * @param  null|array $searchData
     * @return str
     */
    private function getPageTitle($searchData)
    {
        if (isset($searchData['name']) && !empty($searchData['name'])) {
            return '検索結果';
        } elseif (isset($searchData['category_id']) && $searchData['category_id']) {
            return $searchData['category_id']->getName();
        } else {
            return '全商品';
        }
    }
}


1		<?php
2		/*
3		* This file is part of EC-CUBE
4		*
5		* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
6		*
7		* http://www.lockon.co.jp/
8		*
9		* This program is free software; you can redistribute it and/or
10		* modify it under the terms of the GNU General Public License
11		* as published by the Free Software Foundation; either version 2
12		* of the License, or (at your option) any later version.
13		*
14		* This program is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		* GNU General Public License for more details.
18		*
19		* You should have received a copy of the GNU General Public License
20		* along with this program; if not, write to the Free Software
21		* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22		*/
23
24
25		namespace Eccube\Controller;
26
27		use Eccube\Application;
28		use Eccube\Common\Constant;
29		use Eccube\Event\EccubeEvents;
30		use Eccube\Event\EventArgs;
31		use Eccube\Exception\CartException;
32		use Symfony\Component\HttpFoundation\Request;
33		use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
34
35		class ProductController
36		{
37
38		private $title;
39
40	17	public function __construct()
41		{
42	17	$this->title = '';
43		}
44
45	4	public function index(Application $app, Request $request)
46		{
47	4	$BaseInfo = $app['eccube.repository.base_info']->get();
48
49		// Doctrine SQLFilter
50	4	if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
51		$app['orm.em']->getFilters()->enable('nostock_hidden');
52		}
53
54		// handleRequestは空のqueryの場合は無視するため
55	4	if ($request->getMethod() === 'GET') {
56	4	$request->query->set('pageno', $request->query->get('pageno', ''));
57		}
58
59		// searchForm
60		/* @var $builder \Symfony\Component\Form\FormBuilderInterface */
61	4	$builder = $app['form.factory']->createNamedBuilder('', 'search_product');
62	4	$builder->setAttribute('freeze', true);
63	4	$builder->setAttribute('freeze_display_text', false);
64	4	if ($request->getMethod() === 'GET') {
65	4	$builder->setMethod('GET');
66		}
67
68	4	$event = new EventArgs(
69		array(
70	4	'builder' => $builder,
71		),
72		$request
73		);
74	4	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_INITIALIZE, $event);
75
76		/* @var $searchForm \Symfony\Component\Form\FormInterface */
77	4	$searchForm = $builder->getForm();
78
79	4	$searchForm->handleRequest($request);
80
81		// paginator
82	4	$searchData = $searchForm->getData();
83	4	$qb = $app['eccube.repository.product']->getQueryBuilderBySearchData($searchData);
84
85	4	$event = new EventArgs(
86		array(
87	4	'searchData' => $searchData,
88	4	'qb' => $qb,
89		),
90		$request
91		);
92	4	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_SEARCH, $event);
93	4	$searchData = $event->getArgument('searchData');
94
95	4	$pagination = $app['paginator']()->paginate(
96		$qb,
97	4	!empty($searchData['pageno']) ? $searchData['pageno'] : 1,
98	4	$searchData['disp_number']->getId()
99		);
100
101		// addCart form
102	4	$forms = array();
103	4	foreach ($pagination as $Product) {
104		/* @var $builder \Symfony\Component\Form\FormBuilderInterface */
105	4	$builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
106	4	'product' => $Product,
107		'allow_extra_fields' => true,
108		));
109	4	$addCartForm = $builder->getForm();
110
111	4	if ($request->getMethod() === 'POST' && (string)$Product->getId() === $request->get('product_id')) {
112		$addCartForm->handleRequest($request);
113
114		if ($addCartForm->isValid()) {
115		$addCartData = $addCartForm->getData();
116
117		try {
118		$app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
119		} catch (CartException $e) {
120		$app->addRequestError($e->getMessage());
121		}
122
123		$event = new EventArgs(
124		array(
125		'form' => $addCartForm,
126		'Product' => $Product,
127		),
128		$request
129		);
130		$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_COMPLETE, $event);
131
132		if ($event->getResponse() !== null) {
133		return $event->getResponse();
134		}
135
136		return $app->redirect($app->url('cart'));
137		}
138		}
139
140	4	$forms[$Product->getId()] = $addCartForm->createView();
141		}
142
143		// 表示件数
144	4	$builder = $app['form.factory']->createNamedBuilder('disp_number', 'product_list_max', null, array(
145	4	'empty_data' => null,
146		'required' => false,
147		'label' => '表示件数',
148		'allow_extra_fields' => true,
149		));
150	4	if ($request->getMethod() === 'GET') {
151	4	$builder->setMethod('GET');
152		}
153
154	4	$event = new EventArgs(
155		array(
156	4	'builder' => $builder,
157		),
158		$request
159		);
160	4	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_DISP, $event);
161
162	4	$dispNumberForm = $builder->getForm();
163
164	4	$dispNumberForm->handleRequest($request);
165
166		// ソート順
167	4	$builder = $app['form.factory']->createNamedBuilder('orderby', 'product_list_order_by', null, array(
168	4	'empty_data' => null,
169		'required' => false,
170		'label' => '表示順',
171		'allow_extra_fields' => true,
172		));
173	4	if ($request->getMethod() === 'GET') {
174	4	$builder->setMethod('GET');
175		}
176
177	4	$event = new EventArgs(
178		array(
179	4	'builder' => $builder,
180		),
181		$request
182		);
183	4	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_ORDER, $event);
184
185	4	$orderByForm = $builder->getForm();
186
187	4	$orderByForm->handleRequest($request);
188
189	4	$Category = $searchForm->get('category_id')->getData();
190
191	4	return $app->render('Product/list.twig', array(
192	4	'subtitle' => $this->getPageTitle($searchData),
193	4	'pagination' => $pagination,
194	4	'search_form' => $searchForm->createView(),
195	4	'disp_number_form' => $dispNumberForm->createView(),
196	4	'order_by_form' => $orderByForm->createView(),
197	4	'forms' => $forms,
198	4	'Category' => $Category,
199		));
200		}
201
202	13	public function detail(Application $app, Request $request, $id)
203		{
204	13	$BaseInfo = $app['eccube.repository.base_info']->get();
205	13	if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
206		$app['orm.em']->getFilters()->enable('nostock_hidden');
207		}
208
209		/* @var $Product \Eccube\Entity\Product */
210	13	$Product = $app['eccube.repository.product']->get($id);
211	13	if (!$request->getSession()->has('_security_admin') && $Product->getStatus()->getId() !== 1) {
212	1	throw new NotFoundHttpException();
213		}
214	13	if (count($Product->getProductClasses()) < 1) {
215		throw new NotFoundHttpException();
216		}
217
218		/* @var $builder \Symfony\Component\Form\FormBuilderInterface */
219	13	$builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
220	13	'product' => $Product,
221		'id_add_product_id' => false,
222		));
223
224	13	$event = new EventArgs(
225		array(
226	13	'builder' => $builder,
227	13	'Product' => $Product,
228		),
229		$request
230		);
231	13	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_INITIALIZE, $event);
232
233		/* @var $form \Symfony\Component\Form\FormInterface */
234	13	$form = $builder->getForm();
235
236	13	if ($request->getMethod() === 'POST') {
237	9	$form->handleRequest($request);
238
239	9	if ($form->isValid()) {
240	7	$addCartData = $form->getData();
241	7	if ($addCartData['mode'] === 'add_favorite') {
242	2	if ($app->isGranted('ROLE_USER')) {
243	2	$Customer = $app->user();
244	2	$app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
245	2	$app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());
246
247	2	$event = new EventArgs(
248		array(
249	2	'form' => $form,
250	2	'Product' => $Product,
251		),
252		$request
253		);
254	2	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_FAVORITE, $event);
255
256	2	if ($event->getResponse() !== null) {
257		return $event->getResponse();
258		}
259
260	2	return $app->redirect($app->url('product_detail', array('id' => $Product->getId())));
261		} else {
262		// 非会員の場合、ログイン画面を表示
263		// ログイン後の画面遷移先を設定
264		$app->setLoginTargetPath($app->url('product_detail', array('id' => $Product->getId())));
265		$app['session']->getFlashBag()->set('eccube.add.favorite', true);
266		return $app->redirect($app->url('mypage_login'));
267		}
268	5	} elseif ($addCartData['mode'] === 'add_cart') {
		0 ignored issues – show Coding Style introduced 2016-10-25 11:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this Blank line found at start of control structure Loading history...
269
270	5	log_info('カート追加処理開始', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));
271
272		try {
273	5	$app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
274	1	} catch (CartException $e) {
275	1	log_info('カート追加エラー', array($e->getMessage()));
276	1	$app->addRequestError($e->getMessage());
277		}
278
279	5	log_info('カート追加処理完了', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));
280
281	5	$event = new EventArgs(
282		array(
283	5	'form' => $form,
284	5	'Product' => $Product,
285		),
286		$request
287		);
288	5	$app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_COMPLETE, $event);
289
290	5	if ($event->getResponse() !== null) {
291		return $event->getResponse();
292		}
293
294	7	return $app->redirect($app->url('cart'));
295		}
296		}
297		} else {
298	11	$addFavorite = $app['session']->getFlashBag()->get('eccube.add.favorite');
299	11	if (!empty($addFavorite)) {
300		// お気に入り登録時にログインされていない場合、ログイン後にお気に入り追加処理を行う
301		if ($app->isGranted('ROLE_USER')) {
302		$Customer = $app->user();
303		$app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
304		$app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());
305		}
306		}
307		}
308
309	12	$is_favorite = false;
310	12	if ($app->isGranted('ROLE_USER')) {
311	2	$Customer = $app->user();
312	2	$is_favorite = $app['eccube.repository.customer_favorite_product']->isFavorite($Customer, $Product);
313		}
314
315	12	return $app->render('Product/detail.twig', array(
316	12	'title' => $this->title,
317	12	'subtitle' => $Product->getName(),
318	12	'form' => $form->createView(),
319	12	'Product' => $Product,
320	12	'is_favorite' => $is_favorite,
321		));
322		}
323
324		/**
325		* ページタイトルの設定
326		*
327		* @param null\|array $searchData
328		* @return str
329		*/
330	4	private function getPageTitle($searchData)
331		{
332	4	if (isset($searchData['name']) && !empty($searchData['name'])) {
333		return '検索結果';
334	4	} elseif (isset($searchData['category_id']) && $searchData['category_id']) {
335	1	return $searchData['category_id']->getName();
336		} else {
337	3	return '全商品';
338		}
339		}
340		}
341

EC-CUBE / ec-cube

Issues (2687)

Security Analysis not enabled

src/Eccube/Controller/ProductController.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like