This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Form\Type\Admin; |
||
26 | |||
27 | use Eccube\Common\Constant; |
||
28 | use Eccube\Form\DataTransformer; |
||
29 | use Symfony\Component\Form\AbstractType; |
||
30 | use Symfony\Component\Form\FormBuilderInterface; |
||
31 | use Symfony\Component\Form\FormError; |
||
32 | use Symfony\Component\Form\FormEvent; |
||
33 | use Symfony\Component\Form\FormEvents; |
||
34 | use Symfony\Component\OptionsResolver\OptionsResolverInterface; |
||
35 | use Symfony\Component\Validator\Constraints as Assert; |
||
36 | |||
37 | class OrderType extends AbstractType |
||
38 | { |
||
39 | |||
40 | protected $app; |
||
41 | |||
42 | 663 | public function __construct($app) |
|
43 | { |
||
44 | 663 | $this->app = $app; |
|
45 | } |
||
46 | |||
47 | /** |
||
48 | * {@inheritdoc} |
||
49 | */ |
||
50 | 30 | public function buildForm(FormBuilderInterface $builder, array $options) |
|
51 | { |
||
52 | 30 | $app = $this->app; |
|
53 | 30 | $config = $app['config']; |
|
54 | 30 | $BaseInfo = $app['eccube.repository.base_info']->get(); |
|
55 | |||
56 | $builder |
||
57 | 30 | ->add('name', 'name', array( |
|
58 | 30 | 'required' => false, |
|
59 | 'options' => array( |
||
60 | 'constraints' => array( |
||
61 | 30 | new Assert\NotBlank(), |
|
62 | ), |
||
63 | ), |
||
64 | )) |
||
65 | 30 | ->add('kana', 'kana', array( |
|
66 | 30 | 'required' => false, |
|
67 | 'options' => array( |
||
68 | 'constraints' => array( |
||
69 | 30 | new Assert\NotBlank(), |
|
70 | ), |
||
71 | ), |
||
72 | )) |
||
73 | 30 | ->add('company_name', 'text', array( |
|
74 | 30 | 'label' => '会社名', |
|
75 | 'required' => false, |
||
76 | 'constraints' => array( |
||
77 | 30 | new Assert\Length(array( |
|
78 | 30 | 'max' => $config['stext_len'], |
|
79 | )) |
||
80 | ), |
||
81 | )) |
||
82 | 30 | ->add('zip', 'zip', array( |
|
83 | 30 | 'required' => false, |
|
84 | 'options' => array( |
||
85 | 'constraints' => array( |
||
86 | 30 | new Assert\NotBlank(), |
|
87 | ), |
||
88 | ), |
||
89 | )) |
||
90 | 30 | ->add('address', 'address', array( |
|
91 | 30 | 'required' => false, |
|
92 | 'pref_options' => array( |
||
93 | 'constraints' => array( |
||
94 | 30 | new Assert\NotBlank(), |
|
95 | ), |
||
96 | ), |
||
97 | 'addr01_options' => array( |
||
98 | 'constraints' => array( |
||
99 | 30 | new Assert\NotBlank(), |
|
100 | 30 | new Assert\Length(array( |
|
101 | 30 | 'max' => $config['mtext_len'], |
|
102 | )), |
||
103 | ), |
||
104 | ), |
||
105 | 'addr02_options' => array( |
||
106 | 'required' => false, |
||
107 | 'constraints' => array( |
||
108 | 30 | new Assert\NotBlank(), |
|
109 | 30 | new Assert\Length(array( |
|
110 | 30 | 'max' => $config['mtext_len'], |
|
111 | )), |
||
112 | ), |
||
113 | ), |
||
114 | )) |
||
115 | 30 | ->add('email', 'email', array( |
|
116 | 30 | 'required' => false, |
|
117 | 30 | 'label' => 'メールアドレス', |
|
118 | 'constraints' => array( |
||
119 | 30 | new Assert\NotBlank(), |
|
120 | 30 | new Assert\Email(array('strict' => true)), |
|
121 | ), |
||
122 | )) |
||
123 | 30 | ->add('tel', 'tel', array( |
|
124 | 30 | 'required' => false, |
|
125 | 'options' => array( |
||
126 | 'constraints' => array( |
||
127 | 30 | new Assert\NotBlank(), |
|
128 | ), |
||
129 | ), |
||
130 | )) |
||
131 | 30 | ->add('fax', 'tel', array( |
|
132 | 30 | 'label' => 'FAX番号', |
|
133 | 'required' => false, |
||
134 | )) |
||
135 | 30 | ->add('company_name', 'text', array( |
|
136 | 30 | 'label' => '会社名', |
|
137 | 'required' => false, |
||
138 | 'constraints' => array( |
||
139 | 30 | new Assert\Length(array( |
|
140 | 30 | 'max' => $config['stext_len'], |
|
141 | )) |
||
142 | ), |
||
143 | )) |
||
144 | 30 | ->add('message', 'textarea', array( |
|
145 | 30 | 'label' => 'お問い合わせ', |
|
146 | 'required' => false, |
||
147 | 'constraints' => array( |
||
148 | 30 | new Assert\Length(array( |
|
149 | 30 | 'max' => $config['ltext_len'], |
|
150 | )), |
||
151 | ), |
||
152 | )) |
||
153 | 30 | ->add('discount', 'money', array( |
|
154 | 30 | 'label' => '値引き', |
|
155 | 30 | 'currency' => 'JPY', |
|
156 | 30 | 'precision' => 0, |
|
157 | 30 | 'scale' => 0, |
|
158 | 'grouping' => true, |
||
159 | 'constraints' => array( |
||
160 | 30 | new Assert\NotBlank(), |
|
161 | 30 | new Assert\Length(array( |
|
162 | 30 | 'max' => $config['int_len'], |
|
163 | )), |
||
164 | ), |
||
165 | )) |
||
166 | 30 | ->add('delivery_fee_total', 'money', array( |
|
167 | 30 | 'label' => '送料', |
|
168 | 30 | 'currency' => 'JPY', |
|
169 | 30 | 'precision' => 0, |
|
170 | 30 | 'scale' => 0, |
|
171 | 'grouping' => true, |
||
172 | 'constraints' => array( |
||
173 | 30 | new Assert\NotBlank(), |
|
174 | 30 | new Assert\Length(array( |
|
175 | 30 | 'max' => $config['int_len'], |
|
176 | )), |
||
177 | ), |
||
178 | )) |
||
179 | 30 | ->add('charge', 'money', array( |
|
180 | 30 | 'label' => '手数料', |
|
181 | 30 | 'currency' => 'JPY', |
|
182 | 30 | 'precision' => 0, |
|
183 | 30 | 'scale' => 0, |
|
184 | 'grouping' => true, |
||
185 | 'constraints' => array( |
||
186 | 30 | new Assert\NotBlank(), |
|
187 | 30 | new Assert\Length(array( |
|
188 | 30 | 'max' => $config['int_len'], |
|
189 | )), |
||
190 | ), |
||
191 | )) |
||
192 | 30 | ->add('note', 'textarea', array( |
|
193 | 30 | 'label' => 'SHOP用メモ欄', |
|
194 | 'required' => false, |
||
195 | 'constraints' => array( |
||
196 | 30 | new Assert\Length(array( |
|
197 | 30 | 'max' => $config['ltext_len'], |
|
198 | )), |
||
199 | ), |
||
200 | )) |
||
201 | 30 | ->add('OrderStatus', 'entity', array( |
|
202 | 30 | 'class' => 'Eccube\Entity\Master\OrderStatus', |
|
203 | 30 | 'property' => 'name', |
|
204 | 30 | 'empty_value' => '選択してください', |
|
205 | 'empty_data' => null, |
||
206 | 'query_builder' => function($er) { |
||
207 | 30 | return $er->createQueryBuilder('o') |
|
208 | 30 | ->orderBy('o.rank', 'ASC'); |
|
209 | 30 | }, |
|
210 | 'constraints' => array( |
||
211 | 30 | new Assert\NotBlank(), |
|
212 | ), |
||
213 | )) |
||
214 | 30 | ->add('Payment', 'entity', array( |
|
215 | 30 | 'required' => false, |
|
216 | 30 | 'class' => 'Eccube\Entity\Payment', |
|
217 | 30 | 'property' => 'method', |
|
218 | 30 | 'empty_value' => '選択してください', |
|
219 | 'empty_data' => null, |
||
220 | 'constraints' => array( |
||
221 | 30 | new Assert\NotBlank(), |
|
222 | ), |
||
223 | )) |
||
224 | 30 | ->add('OrderDetails', 'collection', array( |
|
225 | 30 | 'type' => 'order_detail', |
|
226 | 'allow_add' => true, |
||
227 | 'allow_delete' => true, |
||
228 | 'prototype' => true, |
||
229 | )) |
||
230 | 30 | ->add('Shippings', 'collection', array( |
|
231 | 30 | 'type' => 'shipping', |
|
232 | 'allow_add' => true, |
||
233 | 'allow_delete' => true, |
||
234 | 'prototype' => true, |
||
235 | )); |
||
236 | $builder |
||
237 | 30 | ->add($builder->create('Customer', 'hidden') |
|
238 | 30 | ->addModelTransformer(new DataTransformer\EntityToIdTransformer( |
|
239 | 30 | $this->app['orm.em'], |
|
240 | 30 | '\Eccube\Entity\Customer' |
|
241 | ))); |
||
242 | |||
243 | $builder->addEventListener(FormEvents::PRE_SUBMIT, function (FormEvent $event) use ($BaseInfo) { |
||
244 | |||
245 | 24 | $data = $event->getData(); |
|
246 | 24 | $orderDetails = &$data['OrderDetails']; |
|
247 | |||
248 | // 数量0フィルター |
||
249 | $quantityFilter = function ($v) { |
||
250 | 13 | return !(isset($v['quantity']) && preg_match('/^0+$/', trim($v['quantity']))); |
|
251 | 24 | }; |
|
252 | |||
253 | 24 | if ($BaseInfo->getOptionMultipleShipping() == Constant::ENABLED) { |
|
254 | |||
255 | 6 | $shippings = &$data['Shippings']; |
|
256 | |||
257 | // 数量を抽出 |
||
258 | $getQuantity = function ($v) { |
||
259 | 6 | return (isset($v['quantity']) && preg_match('/^\d+$/', trim($v['quantity']))) ? |
|
260 | 6 | trim($v['quantity']) : |
|
261 | 6 | 0; |
|
262 | 6 | }; |
|
263 | |||
264 | 6 | foreach ($shippings as &$shipping) { |
|
265 | 6 | if (!empty($shipping['ShipmentItems'])) { |
|
266 | 6 | $shipping['ShipmentItems'] = array_filter($shipping['ShipmentItems'], $quantityFilter); |
|
267 | } |
||
268 | } |
||
269 | |||
270 | 6 | if (!empty($orderDetails)) { |
|
0 ignored issues
–
show
Coding Style
introduced
by
Loading history...
|
|||
271 | |||
272 | 6 | foreach ($orderDetails as &$orderDetail) { |
|
0 ignored issues
–
show
|
|||
273 | |||
274 | 6 | $orderDetail['quantity'] = 0; |
|
275 | |||
276 | // 受注詳細と同じ商品規格のみ抽出 |
||
277 | $productClassFilter = function ($v) use ($orderDetail) { |
||
278 | 6 | return $orderDetail['ProductClass'] === $v['ProductClass']; |
|
279 | 6 | }; |
|
280 | |||
281 | 6 | foreach ($shippings as &$shipping) { |
|
0 ignored issues
–
show
|
|||
282 | |||
283 | 6 | if (!empty($shipping['ShipmentItems'])) { |
|
0 ignored issues
–
show
|
|||
284 | |||
285 | // 同じ商品規格の受注詳細の価格を適用 |
||
286 | $applyPrice = function (&$v) use ($orderDetail) { |
||
287 | 6 | $v['price'] = ($v['ProductClass'] === $orderDetail['ProductClass']) ? |
|
288 | 6 | $orderDetail['price'] : |
|
289 | 6 | $v['price']; |
|
290 | 6 | }; |
|
291 | 6 | array_walk($shipping['ShipmentItems'], $applyPrice); |
|
292 | |||
293 | // 数量適用 |
||
294 | 6 | $relatedShipmentItems = array_filter($shipping['ShipmentItems'], $productClassFilter); |
|
295 | 6 | $quantities = array_map($getQuantity, $relatedShipmentItems); |
|
296 | 6 | $orderDetail['quantity'] += array_sum($quantities); |
|
297 | } |
||
298 | } |
||
299 | } |
||
300 | } |
||
301 | } |
||
302 | |||
303 | 24 | if (!empty($orderDetails)) { |
|
304 | 13 | $data['OrderDetails'] = array_filter($orderDetails, $quantityFilter); |
|
305 | } |
||
306 | |||
307 | 24 | $event->setData($data); |
|
308 | 30 | }); |
|
309 | 30 | View Code Duplication | $builder->addEventListener(FormEvents::POST_SUBMIT, function (FormEvent $event) { |
310 | 24 | $form = $event->getForm(); |
|
311 | 24 | $orderDetails = $form['OrderDetails']->getData(); |
|
312 | 24 | if (empty($orderDetails) || count($orderDetails) < 1) { |
|
313 | // 画面下部にエラーメッセージを表示させる |
||
314 | 11 | $form['charge']->addError(new FormError('商品が追加されていません。')); |
|
315 | } |
||
316 | 30 | }); |
|
317 | } |
||
318 | |||
319 | /** |
||
320 | * {@inheritdoc} |
||
321 | */ |
||
322 | 30 | public function setDefaultOptions(OptionsResolverInterface $resolver) |
|
323 | { |
||
324 | 30 | $resolver->setDefaults(array( |
|
325 | 30 | 'data_class' => 'Eccube\Entity\Order', |
|
326 | )); |
||
327 | } |
||
328 | |||
329 | /** |
||
330 | * {@inheritdoc} |
||
331 | */ |
||
332 | 663 | public function getName() |
|
333 | { |
||
334 | 663 | return 'order'; |
|
335 | } |
||
336 | } |