This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Repository; |
||
26 | |||
27 | use Eccube\Application; |
||
28 | use Eccube\Util\Str; |
||
29 | use Doctrine\ORM\EntityRepository; |
||
30 | use Doctrine\ORM\NoResultException; |
||
31 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
32 | |||
33 | /** |
||
34 | * ProductRepository |
||
35 | * |
||
36 | * This class was generated by the Doctrine ORM. Add your own custom |
||
37 | * repository methods below. |
||
38 | */ |
||
39 | class ProductRepository extends EntityRepository |
||
40 | { |
||
41 | |||
42 | /** |
||
43 | * @var \Eccube\Application |
||
44 | */ |
||
45 | protected $app; |
||
46 | |||
47 | /** |
||
48 | * @param Application $app |
||
49 | */ |
||
50 | 99 | public function setApplication(Application $app) |
|
51 | { |
||
52 | 99 | $this->app = $app; |
|
53 | } |
||
54 | |||
55 | /** |
||
56 | * get Product. |
||
57 | * |
||
58 | * @param integer $productId |
||
59 | * @return \Eccube\Entity\Product |
||
60 | * |
||
61 | * @throws NotFoundHttpException |
||
62 | */ |
||
63 | 17 | public function get($productId) |
|
64 | { |
||
65 | // Product |
||
66 | try { |
||
67 | 17 | $qb = $this->createQueryBuilder('p') |
|
68 | 17 | ->andWhere('p.id = :id'); |
|
69 | |||
70 | $product = $qb |
||
71 | 17 | ->getQuery() |
|
72 | 17 | ->setParameters(array( |
|
73 | 17 | 'id' => $productId, |
|
74 | )) |
||
75 | 17 | ->getSingleResult(); |
|
76 | 2 | } catch (NoResultException $e) { |
|
77 | 2 | throw new NotFoundHttpException(); |
|
78 | } |
||
79 | |||
80 | 16 | return $product; |
|
81 | } |
||
82 | |||
83 | /** |
||
84 | * get query builder. |
||
85 | * |
||
86 | * @param array $searchData |
||
87 | * @return \Doctrine\ORM\QueryBuilder |
||
88 | */ |
||
89 | 16 | public function getQueryBuilderBySearchData($searchData) |
|
90 | { |
||
91 | 16 | $qb = $this->createQueryBuilder('p') |
|
92 | 16 | ->andWhere('p.Status = 1'); |
|
93 | |||
94 | // category |
||
95 | 16 | $categoryJoin = false; |
|
96 | 16 | View Code Duplication | if (!empty($searchData['category_id']) && $searchData['category_id']) { |
97 | 3 | $Categories = $searchData['category_id']->getSelfAndDescendants(); |
|
98 | 3 | if ($Categories) { |
|
99 | $qb |
||
100 | 3 | ->innerJoin('p.ProductCategories', 'pct') |
|
101 | 3 | ->innerJoin('pct.Category', 'c') |
|
102 | 3 | ->andWhere($qb->expr()->in('pct.Category', ':Categories')) |
|
103 | 3 | ->setParameter('Categories', $Categories); |
|
104 | 3 | $categoryJoin = true; |
|
105 | } |
||
106 | } |
||
107 | |||
108 | // name |
||
109 | 16 | if (isset($searchData['name']) && Str::isNotBlank($searchData['name'])) { |
|
110 | 1 | $keywords = preg_split('/[\s ]+/u', $searchData['name'], -1, PREG_SPLIT_NO_EMPTY); |
|
111 | |||
112 | 1 | foreach ($keywords as $index => $keyword) { |
|
113 | 1 | $key = sprintf('keyword%s', $index); |
|
114 | $qb |
||
115 | 1 | ->andWhere(sprintf('NORMALIZE(p.name) LIKE NORMALIZE(:%s) OR NORMALIZE(p.search_word) LIKE NORMALIZE(:%s)', $key, $key)) |
|
116 | 1 | ->setParameter($key, '%' . $keyword . '%'); |
|
117 | } |
||
118 | } |
||
119 | |||
120 | // Order By |
||
121 | // 価格低い順 |
||
122 | 16 | $config = $this->app['config']; |
|
123 | 16 | if (!empty($searchData['orderby']) && $searchData['orderby']->getId() == $config['product_order_price_lower']) { |
|
124 | //@see http://doctrine-orm.readthedocs.org/en/latest/reference/dql-doctrine-query-language.html |
||
125 | 6 | $qb->addSelect('MIN(pc.price02) as HIDDEN price02_min'); |
|
126 | 6 | $qb->innerJoin('p.ProductClasses', 'pc'); |
|
127 | 6 | $qb->groupBy('p'); |
|
128 | // postgres9.0以下は, groupBy('p.id')が利用できない |
||
0 ignored issues
–
show
|
|||
129 | // mysqlおよびpostgresql9.1以上であればgroupBy('p.id')にすることで性能向上が期待できる. |
||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
45% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them.
Loading history...
|
|||
130 | // @see https://github.com/EC-CUBE/ec-cube/issues/1904 |
||
131 | // $qb->groupBy('p.id'); |
||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
75% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them.
Loading history...
|
|||
132 | 6 | $qb->orderBy('price02_min', 'ASC'); |
|
133 | 6 | $qb->addOrderBy('p.id', 'DESC'); |
|
134 | // 価格高い順 |
||
135 | 10 | } else if (!empty($searchData['orderby']) && $searchData['orderby']->getId() == $config['product_order_price_higher']) { |
|
136 | 1 | $qb->addSelect('MAX(pc.price02) as HIDDEN price02_max'); |
|
137 | 1 | $qb->innerJoin('p.ProductClasses', 'pc'); |
|
138 | 1 | $qb->groupBy('p'); |
|
139 | 1 | $qb->orderBy('price02_max', 'DESC'); |
|
140 | 1 | $qb->addOrderBy('p.id', 'DESC'); |
|
141 | // 新着順 |
||
142 | 9 | } else if (!empty($searchData['orderby']) && $searchData['orderby']->getId() == $config['product_order_newer']) { |
|
143 | // 在庫切れ商品非表示の設定が有効時対応 |
||
144 | // @see https://github.com/EC-CUBE/ec-cube/issues/1998 |
||
145 | 2 | if ($this->app['orm.em']->getFilters()->isEnabled('nostock_hidden') == true) { |
|
146 | $qb->innerJoin('p.ProductClasses', 'pc'); |
||
147 | } |
||
148 | 2 | $qb->orderBy('p.create_date', 'DESC'); |
|
149 | } else { |
||
150 | 7 | if ($categoryJoin === false) { |
|
151 | $qb |
||
152 | 5 | ->leftJoin('p.ProductCategories', 'pct') |
|
153 | 5 | ->leftJoin('pct.Category', 'c'); |
|
154 | } |
||
155 | $qb |
||
156 | 7 | ->addOrderBy('p.id', 'DESC'); |
|
157 | } |
||
158 | |||
159 | 16 | return $qb; |
|
160 | } |
||
161 | |||
162 | /** |
||
163 | * get query builder. |
||
164 | * |
||
165 | * @param array $searchData |
||
166 | * @return \Doctrine\ORM\QueryBuilder |
||
167 | */ |
||
168 | 22 | public function getQueryBuilderBySearchDataForAdmin($searchData) |
|
169 | { |
||
170 | 22 | $qb = $this->createQueryBuilder('p') |
|
171 | 22 | ->innerJoin('p.ProductClasses', 'pc'); |
|
172 | |||
173 | // id |
||
174 | 22 | View Code Duplication | if (isset($searchData['id']) && Str::isNotBlank($searchData['id'])) { |
175 | 10 | $id = preg_match('/^\d+$/', $searchData['id']) ? $searchData['id'] : null; |
|
176 | $qb |
||
177 | 10 | ->andWhere('p.id = :id OR p.name LIKE :likeid OR pc.code LIKE :likeid') |
|
178 | 10 | ->setParameter('id', $id) |
|
179 | 10 | ->setParameter('likeid', '%' . $searchData['id'] . '%'); |
|
180 | } |
||
181 | |||
182 | // code |
||
183 | /* |
||
184 | if (!empty($searchData['code']) && $searchData['code']) { |
||
185 | $qb |
||
186 | ->innerJoin('p.ProductClasses', 'pc') |
||
187 | ->andWhere('pc.code LIKE :code') |
||
188 | ->setParameter('code', '%' . $searchData['code'] . '%'); |
||
189 | } |
||
190 | |||
191 | // name |
||
192 | if (!empty($searchData['name']) && $searchData['name']) { |
||
193 | $keywords = preg_split('/[\s ]+/u', $searchData['name'], -1, PREG_SPLIT_NO_EMPTY); |
||
194 | foreach ($keywords as $keyword) { |
||
195 | $qb |
||
196 | ->andWhere('p.name LIKE :name') |
||
197 | ->setParameter('name', '%' . $keyword . '%'); |
||
198 | } |
||
199 | } |
||
200 | */ |
||
201 | |||
202 | // category |
||
203 | 22 | View Code Duplication | if (!empty($searchData['category_id']) && $searchData['category_id']) { |
204 | 2 | $Categories = $searchData['category_id']->getSelfAndDescendants(); |
|
205 | 2 | if ($Categories) { |
|
206 | $qb |
||
207 | 2 | ->innerJoin('p.ProductCategories', 'pct') |
|
208 | 2 | ->innerJoin('pct.Category', 'c') |
|
209 | 2 | ->andWhere($qb->expr()->in('pct.Category', ':Categories')) |
|
210 | 2 | ->setParameter('Categories', $Categories); |
|
211 | } |
||
212 | } |
||
213 | |||
214 | // status |
||
215 | 22 | if (!empty($searchData['status']) && $searchData['status']->toArray()) { |
|
216 | $qb |
||
217 | 1 | ->andWhere($qb->expr()->in('p.Status', ':Status')) |
|
218 | 1 | ->setParameter('Status', $searchData['status']->toArray()); |
|
219 | } |
||
220 | |||
221 | // link_status |
||
222 | 22 | if (isset($searchData['link_status'])) { |
|
223 | $qb |
||
224 | 1 | ->andWhere($qb->expr()->in('p.Status', ':Status')) |
|
225 | 1 | ->setParameter('Status', $searchData['link_status']); |
|
226 | } |
||
227 | |||
228 | // stock status |
||
229 | 22 | if (isset($searchData['stock_status'])) { |
|
230 | $qb |
||
231 | 1 | ->andWhere('pc.stock_unlimited = :StockUnlimited AND pc.stock = 0') |
|
232 | 1 | ->setParameter('StockUnlimited', $searchData['stock_status']); |
|
233 | } |
||
234 | |||
235 | // crate_date |
||
236 | 22 | View Code Duplication | if (!empty($searchData['create_date_start']) && $searchData['create_date_start']) { |
237 | 1 | $date = $searchData['create_date_start'] |
|
238 | 1 | ->format('Y-m-d H:i:s'); |
|
239 | $qb |
||
240 | 1 | ->andWhere('p.create_date >= :create_date_start') |
|
241 | 1 | ->setParameter('create_date_start', $date); |
|
242 | } |
||
243 | |||
244 | 22 | View Code Duplication | if (!empty($searchData['create_date_end']) && $searchData['create_date_end']) { |
245 | 1 | $date = clone $searchData['create_date_end']; |
|
246 | $date = $date |
||
247 | 1 | ->modify('+1 days') |
|
248 | 1 | ->format('Y-m-d H:i:s'); |
|
249 | $qb |
||
250 | 1 | ->andWhere('p.create_date < :create_date_end') |
|
251 | 1 | ->setParameter('create_date_end', $date); |
|
252 | } |
||
253 | |||
254 | // update_date |
||
255 | 22 | View Code Duplication | if (!empty($searchData['update_date_start']) && $searchData['update_date_start']) { |
256 | 1 | $date = $searchData['update_date_start'] |
|
257 | 1 | ->format('Y-m-d H:i:s'); |
|
258 | $qb |
||
259 | 1 | ->andWhere('p.update_date >= :update_date_start') |
|
260 | 1 | ->setParameter('update_date_start', $date); |
|
261 | } |
||
262 | 22 | View Code Duplication | if (!empty($searchData['update_date_end']) && $searchData['update_date_end']) { |
263 | 1 | $date = clone $searchData['update_date_end']; |
|
264 | $date = $date |
||
265 | 1 | ->modify('+1 days') |
|
266 | 1 | ->format('Y-m-d H:i:s'); |
|
267 | $qb |
||
268 | 1 | ->andWhere('p.update_date < :update_date_end') |
|
269 | 1 | ->setParameter('update_date_end', $date); |
|
270 | } |
||
271 | |||
272 | |||
273 | // Order By |
||
274 | $qb |
||
275 | 22 | ->orderBy('p.update_date', 'DESC'); |
|
276 | |||
277 | 22 | return $qb; |
|
278 | } |
||
279 | |||
280 | /** |
||
0 ignored issues
–
show
|
|||
281 | * get query builder. |
||
282 | * |
||
283 | * @param $Customer |
||
0 ignored issues
–
show
|
|||
284 | * @return \Doctrine\ORM\QueryBuilder |
||
285 | * @see CustomerFavoriteProductRepository::getQueryBuilderByCustomer() |
||
286 | * @deprecated since 3.0.0, to be removed in 3.1 |
||
287 | */ |
||
288 | public function getFavoriteProductQueryBuilderByCustomer($Customer) |
||
289 | { |
||
290 | $qb = $this->createQueryBuilder('p') |
||
291 | ->innerJoin('p.CustomerFavoriteProducts', 'cfp') |
||
292 | ->where('cfp.Customer = :Customer AND p.Status = 1') |
||
293 | ->setParameter('Customer', $Customer); |
||
294 | |||
295 | // Order By |
||
296 | // XXX Paginater を使用した場合に PostgreSQL で正しくソートできない |
||
297 | $qb->addOrderBy('cfp.create_date', 'DESC'); |
||
298 | |||
299 | return $qb; |
||
300 | } |
||
301 | } |
||
302 |
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.