Automated result: this project does not appear to handle request data directly, so the analyzer found no vulnerable execution paths. Note that this controller does read request data indirectly — through Symfony form binding (`handleRequest()`), `$request->query` and `$request->get('product_id')` — so this result reflects the analyzer's limits and is not a review of those inputs.
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | |||
25 | namespace Eccube\Controller; |
||
26 | |||
27 | use Eccube\Application; |
||
28 | use Eccube\Common\Constant; |
||
29 | use Eccube\Event\EccubeEvents; |
||
30 | use Eccube\Event\EventArgs; |
||
31 | use Eccube\Exception\CartException; |
||
32 | use Symfony\Component\HttpFoundation\Request; |
||
33 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
34 | |||
/**
 * Front-side product controller: product list/search (index) and product
 * detail (detail), including add-to-cart and add-to-favorite POST handling.
 *
 * All request data reaches this controller through Symfony form binding
 * ($form->handleRequest()) or directly via $request->query / $request->get();
 * any input validation therefore lives in the form types ('search_product',
 * 'add_cart', 'product_list_max', 'product_list_order_by'), which are not
 * visible in this file.
 *
 * NOTE(review): whether $form->isValid() includes a CSRF-token check depends on
 * the csrf_protection option of those form types — confirm it is enabled for
 * the state-changing 'add_cart' form.
 */
class ProductController
{

    /** Page title passed to the detail template; always '' in this file. */
    private $title;

    public function __construct()
    {
        $this->title = '';
    }

    /**
     * Product list / search page.
     *
     * GET: binds the search, items-per-page and sort-order forms from the query
     * string and renders the paginated list.
     * POST: additionally binds the 'add_cart' form of the product whose id
     * matches the submitted product_id, adds it to the cart and redirects.
     *
     * @param Application $app
     * @param Request     $request
     * @return \Symfony\Component\HttpFoundation\Response
     */
    public function index(Application $app, Request $request)
    {
        $BaseInfo = $app['eccube.repository.base_info']->get();

        // Doctrine SQLFilter: hide out-of-stock products when the shop setting says so.
        if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
            $app['orm.em']->getFilters()->enable('nostock_hidden');
        }

        // handleRequest() ignores a request whose query is empty, so make sure
        // 'pageno' is always present on GET (defaulting to an empty string).
        if ($request->getMethod() === 'GET') {
            $request->query->set('pageno', $request->query->get('pageno', ''));
        }

        // searchForm (unnamed, so fields bind to top-level query parameters)
        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']->createNamedBuilder('', 'search_product');
        $builder->setAttribute('freeze', true);
        $builder->setAttribute('freeze_display_text', false);
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        // Plugins may alter the builder before the form is built.
        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_INITIALIZE, $event);

        /* @var $searchForm \Symfony\Component\Form\FormInterface */
        $searchForm = $builder->getForm();

        $searchForm->handleRequest($request);

        // paginator: searchData is user-controlled (bound from the request);
        // the repository builds the query from it, so SQL safety relies on
        // getQueryBuilderBySearchData() using bound parameters (not visible here).
        $searchData = $searchForm->getData();
        $qb = $app['eccube.repository.product']->getQueryBuilderBySearchData($searchData);

        // Plugins may rewrite searchData / the query builder before pagination.
        $event = new EventArgs(
            array(
                'searchData' => $searchData,
                'qb' => $qb,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_SEARCH, $event);
        $searchData = $event->getArgument('searchData');

        // 'pageno' comes straight from the request; the paginator is expected to
        // coerce it. NOTE(review): 'disp_number' is dereferenced unconditionally —
        // assumes the form type always yields an entity here (default or valid
        // choice); a null would be a fatal error. Confirm in 'search_product'.
        $pagination = $app['paginator']()->paginate(
            $qb,
            !empty($searchData['pageno']) ? $searchData['pageno'] : 1,
            $searchData['disp_number']->getId()
        );

        // addCart form: one per listed product. Only the product whose id
        // matches the submitted product_id is bound on POST.
        $forms = array();
        foreach ($pagination as $Product) {
            /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
            $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
                'product' => $Product,
                'allow_extra_fields' => true,
            ));
            $addCartForm = $builder->getForm();

            // Request::get() searches attributes, query and request body in that
            // order; the (string) cast makes the comparison strict-safe.
            if ($request->getMethod() === 'POST' && (string)$Product->getId() === $request->get('product_id')) {
                $addCartForm->handleRequest($request);

                if ($addCartForm->isValid()) {
                    $addCartData = $addCartForm->getData();

                    // Cart errors are surfaced to the user, not treated as fatal;
                    // the redirect to the cart below still happens.
                    try {
                        $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
                    } catch (CartException $e) {
                        $app->addRequestError($e->getMessage());
                    }

                    $event = new EventArgs(
                        array(
                            'form' => $addCartForm,
                            'Product' => $Product,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_COMPLETE, $event);

                    // A plugin may short-circuit with its own response.
                    if ($event->getResponse() !== null) {
                        return $event->getResponse();
                    }

                    return $app->redirect($app->url('cart'));
                }
            }

            $forms[$Product->getId()] = $addCartForm->createView();
        }

        // Items-per-page form
        $builder = $app['form.factory']->createNamedBuilder('disp_number', 'product_list_max', null, array(
            'empty_data' => null,
            'required' => false,
            'label' => '表示件数',
            'allow_extra_fields' => true,
        ));
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_DISP, $event);

        $dispNumberForm = $builder->getForm();

        $dispNumberForm->handleRequest($request);

        // Sort-order form
        $builder = $app['form.factory']->createNamedBuilder('orderby', 'product_list_order_by', null, array(
            'empty_data' => null,
            'required' => false,
            'label' => '表示順',
            'allow_extra_fields' => true,
        ));
        if ($request->getMethod() === 'GET') {
            $builder->setMethod('GET');
        }

        $event = new EventArgs(
            array(
                'builder' => $builder,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_INDEX_ORDER, $event);

        $orderByForm = $builder->getForm();

        $orderByForm->handleRequest($request);

        $Category = $searchForm->get('category_id')->getData();

        // Values here (including the category-derived subtitle) are rendered by
        // Twig; output escaping is the template's responsibility.
        return $app->render('Product/list.twig', array(
            'subtitle' => $this->getPageTitle($searchData),
            'pagination' => $pagination,
            'search_form' => $searchForm->createView(),
            'disp_number_form' => $dispNumberForm->createView(),
            'order_by_form' => $orderByForm->createView(),
            'forms' => $forms,
            'Category' => $Category,
        ));
    }

    /**
     * Product detail page.
     *
     * GET: renders the product (and completes a pending add-to-favorite after
     * login). POST: handles the 'add_cart' form in either 'add_favorite' or
     * 'add_cart' mode.
     *
     * @param Application $app
     * @param Request     $request
     * @param mixed       $id      Product id from the route.
     * @return \Symfony\Component\HttpFoundation\Response
     * @throws NotFoundHttpException if the product is not public (and the
     *         viewer is not an admin) or has no product classes.
     */
    public function detail(Application $app, Request $request, $id)
    {
        $BaseInfo = $app['eccube.repository.base_info']->get();
        if ($BaseInfo->getNostockHidden() === Constant::ENABLED) {
            $app['orm.em']->getFilters()->enable('nostock_hidden');
        }

        /* @var $Product \Eccube\Entity\Product */
        // NOTE(review): $Product is dereferenced on the next line without a null
        // check — assumes the repository's get() throws (rather than returning
        // null) for an unknown id. Confirm in ProductRepository.
        $Product = $app['eccube.repository.product']->get($id);
        // Non-public products (status id != 1) are hidden from everyone except an
        // admin. "Admin" is detected by the presence of Symfony's '_security_admin'
        // session key (the admin firewall's token storage) rather than an
        // isGranted() check, presumably because the admin and front firewalls are
        // separate contexts. NOTE(review): this treats key presence as proof of
        // an authenticated admin token — confirm the key is removed on admin
        // logout/expiry.
        if (!$request->getSession()->has('_security_admin') && $Product->getStatus()->getId() !== 1) {
            throw new NotFoundHttpException();
        }
        if (count($Product->getProductClasses()) < 1) {
            throw new NotFoundHttpException();
        }

        /* @var $builder \Symfony\Component\Form\FormBuilderInterface */
        $builder = $app['form.factory']->createNamedBuilder('', 'add_cart', null, array(
            'product' => $Product,
            'id_add_product_id' => false,
        ));

        $event = new EventArgs(
            array(
                'builder' => $builder,
                'Product' => $Product,
            ),
            $request
        );
        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_INITIALIZE, $event);

        /* @var $form \Symfony\Component\Form\FormInterface */
        $form = $builder->getForm();

        if ($request->getMethod() === 'POST') {
            $form->handleRequest($request);

            // An invalid form falls through to the render below with its errors.
            if ($form->isValid()) {
                $addCartData = $form->getData();
                if ($addCartData['mode'] === 'add_favorite') {
                    if ($app->isGranted('ROLE_USER')) {
                        $Customer = $app->user();
                        $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
                        $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());

                        $event = new EventArgs(
                            array(
                                'form' => $form,
                                'Product' => $Product,
                            ),
                            $request
                        );
                        $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_FAVORITE, $event);

                        if ($event->getResponse() !== null) {
                            return $event->getResponse();
                        }

                        return $app->redirect($app->url('product_detail', array('id' => $Product->getId())));
                    } else {
                        // Not logged in: send the visitor to the login page and
                        // record where to return afterwards. The flash flag makes
                        // the GET branch below finish the favorite after login.
                        $app->setLoginTargetPath($app->url('product_detail', array('id' => $Product->getId())));
                        $app['session']->getFlashBag()->set('eccube.add.favorite', true);
                        return $app->redirect($app->url('mypage_login'));
                    }
                } elseif ($addCartData['mode'] === 'add_cart') {

                    // Logged values are the form-validated product_class_id / quantity.
                    log_info('カート追加処理開始', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));

                    // Cart errors are shown to the user; the cart redirect still follows.
                    try {
                        $app['eccube.service.cart']->addProduct($addCartData['product_class_id'], $addCartData['quantity'])->save();
                    } catch (CartException $e) {
                        log_info('カート追加エラー', array($e->getMessage()));
                        $app->addRequestError($e->getMessage());
                    }

                    log_info('カート追加処理完了', array('product_id' => $Product->getId(), 'product_class_id' => $addCartData['product_class_id'], 'quantity' => $addCartData['quantity']));

                    $event = new EventArgs(
                        array(
                            'form' => $form,
                            'Product' => $Product,
                        ),
                        $request
                    );
                    $app['eccube.event.dispatcher']->dispatch(EccubeEvents::FRONT_PRODUCT_DETAIL_COMPLETE, $event);

                    if ($event->getResponse() !== null) {
                        return $event->getResponse();
                    }

                    return $app->redirect($app->url('cart'));
                }
            }
        } else {
            // If the visitor was not logged in when they asked to add a favorite,
            // complete the add after login. This is a state change on GET, but it
            // is gated on a flash flag set by this session's own earlier POST
            // (reading the flash also consumes it).
            $addFavorite = $app['session']->getFlashBag()->get('eccube.add.favorite');
            if (!empty($addFavorite)) {
                if ($app->isGranted('ROLE_USER')) {
                    $Customer = $app->user();
                    $app['eccube.repository.customer_favorite_product']->addFavorite($Customer, $Product);
                    $app['session']->getFlashBag()->set('product_detail.just_added_favorite', $Product->getId());
                }
            }
        }

        $is_favorite = false;
        if ($app->isGranted('ROLE_USER')) {
            $Customer = $app->user();
            $is_favorite = $app['eccube.repository.customer_favorite_product']->isFavorite($Customer, $Product);
        }

        return $app->render('Product/detail.twig', array(
            'title' => $this->title,
            'subtitle' => $Product->getName(),
            'form' => $form->createView(),
            'Product' => $Product,
            'is_favorite' => $is_favorite,
        ));
    }

    /**
     * Build the page title for the list page from the bound search data.
     *
     * Returns a fixed "search results" title when a name filter is set, the
     * category name when a category is selected, otherwise "all products".
     * The category name is entity data and is rendered by Twig (escaping is
     * the template's job).
     *
     * @param null|array $searchData
     * @return string
     */
    private function getPageTitle($searchData)
    {
        if (isset($searchData['name']) && !empty($searchData['name'])) {
            return '検索結果';
        } elseif (isset($searchData['category_id']) && $searchData['category_id']) {
            return $searchData['category_id']->getName();
        } else {
            return '全商品';
        }
    }
}