This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Form\Type\Admin; |
||
26 | |||
27 | use Eccube\Form\DataTransformer; |
||
28 | use Symfony\Component\Form\AbstractType; |
||
29 | use Symfony\Component\Form\FormBuilderInterface; |
||
30 | use Symfony\Component\Form\FormEvent; |
||
31 | use Symfony\Component\Form\FormEvents; |
||
32 | use Symfony\Component\OptionsResolver\OptionsResolverInterface; |
||
33 | use Symfony\Component\Validator\Constraints as Assert; |
||
34 | |||
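/**
 * Admin form type for a single order detail line (one product row of an order).
 *
 * The form maps onto Eccube\Entity\OrderDetail. Besides the editable price,
 * quantity and tax rate, it carries several hidden "snapshot" fields (product
 * name, code, class/category names, tax rule) plus hidden Product and
 * ProductClass ids that are converted to entities by EntityToIdTransformer.
 */
class OrderDetailType extends AbstractType
{
    /**
     * Application container, read with array access ('config', 'orm.em',
     * 'request' and the repository services).
     */
    protected $app;

    /**
     * @param mixed $app Array-accessible application container.
     */
    public function __construct($app)
    {
        $this->app = $app;
    }

    /**
     * {@inheritdoc}
     *
     * Registers the fields and a PRE_SUBMIT listener. For a POST coming from
     * the product-search modal that adds a new detail line, the listener
     * replaces the submitted name/code/price/tax values with the values held
     * by the repositories.
     */
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $config = $this->app['config'];

        $builder
            // Unmapped marker; the PRE_SUBMIT listener checks for its presence
            // to recognise a newly added detail line.
            ->add('new', 'hidden', array(
                'required' => false,
                'mapped' => false,
                'data' => 1
            ))
            ->add('price', 'money', array(
                'currency' => 'JPY',
                'precision' => 0,
                'scale' => 0,
                'grouping' => true,
                'constraints' => array(
                    new Assert\NotBlank(),
                    new Assert\Length(array(
                        'max' => $config['int_len'],
                    )),
                ),
            ))
            ->add('quantity', 'text', array(
                'constraints' => array(
                    new Assert\NotBlank(),
                    new Assert\Length(array(
                        'max' => $config['int_len'],
                    )),
                    // NOTE(review): with the `u` modifier PHP's PCRE can let \d
                    // match non-ASCII decimal digits, and `$` tolerates a
                    // trailing newline. If only ASCII digits are intended,
                    // consider [0-9] with \A ... \z anchors.
                    new Assert\Regex(array(
                        'pattern' => "/^\d+$/u",
                        'message' => 'form.type.numeric.invalid'
                    )),
                ),
            ))
            ->add('tax_rate', 'text', array(
                'constraints' => array(
                    new Assert\NotBlank(),
                    new Assert\Length(array(
                        'max' => $config['int_len'],
                    )),
                    // NOTE(review): same \d / `$` caveat as the quantity pattern.
                    new Assert\Regex(array(
                        'pattern' => "/^\d+(\.\d+)?$/u",
                        'message' => 'form.type.float.invalid'
                    )),
                )
            ))
            // Hidden snapshot fields carry no constraints here and are sent
            // back by the client; this form only re-derives them from the
            // repositories in the modal / new-line path of the listener below.
            // NOTE(review): confirm that callers do not treat them as
            // trustworthy on other submits.
            ->add('product_name', 'hidden')
            ->add('product_code', 'hidden')
            ->add('class_name1', 'hidden')
            ->add('class_name2', 'hidden')
            ->add('class_category_name1', 'hidden')
            ->add('class_category_name2', 'hidden')
            ->add('tax_rule', 'hidden')
        ;

        $builder
            ->add($builder->create('Product', 'hidden')
                ->addModelTransformer(new DataTransformer\EntityToIdTransformer(
                    $this->app['orm.em'],
                    '\Eccube\Entity\Product'
                )))
            ->add($builder->create('ProductClass', 'hidden')
                ->addModelTransformer(new DataTransformer\EntityToIdTransformer(
                    $this->app['orm.em'],
                    '\Eccube\Entity\ProductClass'
                )));

        // The container is copied to a local so the closure can capture it.
        $app = $this->app;
        $builder->addEventListener(FormEvents::PRE_SUBMIT, function (FormEvent $event) use ($app) {
            // Only a POST coming from the modal gets its price etc. filled in.
            if ('modal' !== $app['request']->get('modal')) {
                return;
            }

            $data = $event->getData();

            // Fill in values only for a newly added detail line.
            if (!isset($data['new'])) {
                return;
            }

            // The ProductClass id is request data: it can be missing or refer
            // to no row. Without these guards the lookup result was
            // dereferenced unconditionally, ending in a fatal error. Leaving
            // the data untouched lets the normal submit and validation run on
            // what was submitted.
            if (!isset($data['ProductClass'])) {
                return;
            }

            /** @var \Eccube\Entity\ProductClass|null $ProductClass */
            $ProductClass = $app['eccube.repository.product_class']
                ->find($data['ProductClass']);
            if (null === $ProductClass) {
                return;
            }

            /** @var \Eccube\Entity\Product $Product */
            $Product = $ProductClass->getProduct();
            /** @var \Eccube\Entity\TaxRule $TaxRule */
            $TaxRule = $app['eccube.repository.tax_rule']->getByRule($Product, $ProductClass);

            // Overwrite the submitted snapshot with repository values.
            $data['product_name'] = $Product->getName();
            $data['product_code'] = $ProductClass->getCode();
            $data['class_name1'] = $ProductClass->hasClassCategory1() ?
                $ProductClass->getClassCategory1()->getClassName() :
                null;
            $data['class_name2'] = $ProductClass->hasClassCategory2() ?
                $ProductClass->getClassCategory2()->getClassName() :
                null;
            $data['class_category_name1'] = $ProductClass->hasClassCategory1() ?
                $ProductClass->getClassCategory1()->getName() :
                null;
            $data['class_category_name2'] = $ProductClass->hasClassCategory2() ?
                $ProductClass->getClassCategory2()->getName() :
                null;
            $data['tax_rule'] = $TaxRule->getCalcRule()->getId();
            $data['price'] = $ProductClass->getPrice02();
            // An empty quantity (including "0") falls back to 1.
            $data['quantity'] = empty($data['quantity']) ? 1 : $data['quantity'];
            $data['tax_rate'] = $TaxRule->getTaxRate();
            $event->setData($data);
        });

    }

    /**
     * {@inheritdoc}
     *
     * Binds the form to Eccube\Entity\OrderDetail.
     */
    public function setDefaultOptions(OptionsResolverInterface $resolver)
    {
        $resolver->setDefaults(array(
            'data_class' => 'Eccube\Entity\OrderDetail',
        ));
    }

    /**
     * {@inheritdoc}
     *
     * @return string The form type name, 'order_detail'.
     */
    public function getName()
    {
        return 'order_detail';
    }
}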
||
172 |