Merge pull request #360 from uzulla/issue338/avoid-req-param-use-to-r…
…ender-html

テンプレートで用いられている、req.get("id")などの廃止 #338
fc2dev authored Aug 12, 2021
2 parents d993a12 + 2262b8d commit 96f239c
Showing 24 changed files with 110 additions and 51 deletions.
19 changes: 12 additions & 7 deletions app/src/App.php
Expand Up @@ -241,11 +241,7 @@ public static function getDeviceType(Request $request): int

// Cookieからデバイスタイプを取得
$device_type = $request->rawCookie('device');
$devices = [
App::DEVICE_PC,
App::DEVICE_SP,
];
if (!empty($device_type) && in_array($device_type, $devices)) {
if (!empty($device_type) && static::isExistsDeviceId($device_type)) {
return (int)$device_type;
}

Expand All @@ -261,6 +257,16 @@ public static function getDeviceType(Request $request): int
return App::DEVICE_PC;
}

/**
* デバイスタイプが既知のものか?(許可されているか?)
* @param string $id
* @return bool
*/
public static function isExistsDeviceId(string $id): bool
{
return in_array($id, self::ALLOW_DEVICES);
}

/**
* デバイスタイプを取得する
* @param Request $request
Expand All @@ -269,8 +275,7 @@ public static function getDeviceType(Request $request): int
public static function getDeviceTypeStr(Request $request): string
{
$device_id = static::getDeviceType($request);
$device_table = App::DEVICE_FC2_KEY;
return $device_table[$device_id];
return App::DEVICE_FC2_KEY[$device_id] ?? App::DEVICE_FC2_KEY[App::DEVICE_PC];
}

/**
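Review bot: `isExistsDeviceId` relies on a loose `in_array`, so any string that compares equal to an allowed id under PHP's numeric-string rules (`"1.0"`, `" 1"`, `"1 "`) passes, while the new callers in BlogTemplatesController forward the raw request value to the template and into `DEVICE_FC2_KEY` lookups unchanged. If `ALLOW_DEVICES` holds ints (the constant is not visible in this hunk), compare against the canonical string form so only exact spellings are accepted: `return in_array($id, array_map(static fn ($d) => (string)$d, self::ALLOW_DEVICES), true);`. The `?? App::DEVICE_FC2_KEY[App::DEVICE_PC]` fallback in `getDeviceTypeStr` silently masks an unknown id; a one-line comment saying the fallback is deliberate would help the next reader.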
13 changes: 12 additions & 1 deletion app/src/Web/Controller/Admin/BlogPluginsController.php
Expand Up @@ -9,6 +9,7 @@
use Fc2blog\Model\BlogTemplatesModel;
use Fc2blog\Model\Model;
use Fc2blog\Model\PluginsModel;
use Fc2blog\Util\Log;
use Fc2blog\Web\Request;

class BlogPluginsController extends AdminController
Expand Down Expand Up @@ -45,6 +46,7 @@ public function index(Request $request): string
}
}
$this->set('blog_plugin_json', $blog_plugin_json);
$this->set('state', $request->get('state'));

return "admin/blog_plugins/index.twig";
}
Expand Down Expand Up @@ -73,6 +75,8 @@ public function share_search(Request $request): string
return $this->plugin_search($request, false);
}

const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = "1-3";

/**
* プラグイン検索 (内部呼び出し)
* @param Request $request
Expand Down Expand Up @@ -117,6 +121,11 @@ private function plugin_search(Request $request, bool $is_official = true): stri
$this->set('req_device_name', __(BlogTemplatesModel::getDeviceName((int)$request->get('device_type'))));
$this->set('device_key', App::getDeviceFc2Key($request->get('device_type')));
$this->set('is_official', $is_official);
if (!preg_match('/\A[' . self::ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE . ']\z/u', $request->get('category'))) {
Log::notice("Request invalid plugin category type " . $request->get('category'));
return $this->error400();
}
$this->set('plugin_category_type_id', $request->get('category'));

return 'admin/blog_plugins/plugin_search.twig';
}
Expand Down Expand Up @@ -191,13 +200,15 @@ public function edit(Request $request): string
$this->set('device_type_sp', (string)App::DEVICE_SP);

// 編集対象のデータ取得、なければリダイレクト
if (!$blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id)) {
$blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id);
if ($blog_plugin === false) {
$this->redirect($request, array('action' => 'index'));
}

// 初期表示時に編集データの設定
if (!$request->get('blog_plugin') || !$request->isValidSig()) {
$request->set('blog_plugin', $blog_plugin);
$this->set('blog_plugin', $blog_plugin);
return "admin/blog_plugins/edit.twig";
}

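Review bot: In `edit()` the new `$this->set('blog_plugin', $blog_plugin);` sits inside the initial-display branch only, yet `edit.twig` now renders the hidden id from `blog_plugin.id`; if the remainder of `edit()` (which continues past the hunk) re-renders the template after validation errors, the form will submit an empty id. Move the assignment up to directly after the not-found check, `$this->set('blog_plugin', $blog_plugin);`, so every render path has it; `BlogTemplatesController::edit` has the same shape. In `plugin_search()` the subject passed to `preg_match` can be null when `category` is absent, which is deprecated on PHP 8.1; cast it, `(string)$request->get('category')`, and reuse that value for the log line and the `plugin_category_type_id` assignment. The new class constant lacks a visibility modifier: `private const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = "1-3";`.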
21 changes: 20 additions & 1 deletion app/src/Web/Controller/Admin/BlogTemplatesController.php
Expand Up @@ -10,6 +10,7 @@
use Fc2blog\Model\Fc2TemplatesModel;
use Fc2blog\Model\Model;
use Fc2blog\Service\BlogService;
use Fc2blog\Util\Log;
use Fc2blog\Web\Request;

class BlogTemplatesController extends AdminController
Expand Down Expand Up @@ -45,6 +46,11 @@ public function index(Request $request): string
}
$this->set('device_blog_templates', $device_blog_templates);
$this->set('devices', BlogTemplatesModel::DEVICE_NAME);
if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) {
Log::notice("invalid device_type params :" . $request->get("device_type"));
return $this->error400();
}
$this->set('req_device_type', $request->get("device_type"));

return "admin/blog_templates/index.twig";
}
Expand Down Expand Up @@ -77,6 +83,11 @@ public function fc2_index(Request $request): string
$this->set('templates', $templates);
$this->set('paging', $paging);
$this->set('devices', BlogTemplatesModel::DEVICE_NAME);
if (!App::isExistsDeviceId((string)$request->get("device_type", (string)App::DEVICE_PC))) {
Log::notice("invalid device_type params :" . $request->get("device_type"));
return $this->error400();
}
$this->set('req_device_type', $request->get("device_type"));

return "admin/blog_templates/fc2_index.twig";
}
Expand All @@ -101,6 +112,12 @@ public function fc2_view(Request $request): string
$device_type = $request->get('device_type', (string)App::DEVICE_PC);
$request->set('device_type', $device_type);

if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) {
Log::notice("invalid device_type params :" . $request->get("device_type"));
return $this->error400();
}
$this->set('req_device_type', $request->get("device_type"));

// テンプレート取得
$device_key = App::getDeviceFc2Key($device_type);
$template = Model::load('Fc2Templates')->findByIdAndDevice($request->get('fc2_id'), $device_key);
Expand Down Expand Up @@ -177,13 +194,15 @@ public function edit(Request $request): string

$id = $request->get('id');
$blog_id = $this->getBlogIdFromSession();
$blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id);

// 初期表示時に編集データの取得&設定
if (!$request->get('blog_template') || !$request->isValidPost()) {
if (!$blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id)) {
if (!$blog_template) {
$this->redirect($request, ['action' => 'index']);
}
$request->set('blog_template', $blog_template);
$this->set('blog_template', $blog_template);
return "admin/blog_templates/edit.twig";
}

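Review bot: In `index()` and `fc2_index()` the validation reads `device_type` with a PC default, but the value handed to the template on the next line is read again without the default, so a request lacking the parameter passes the check and then renders `req_device_type` as null (and `attribute(DEVICE_FC2_KEY, null)` in fc2_index.twig will not find a key). Read the value once and use it for both: `$device_type = $request->get("device_type", (string)App::DEVICE_PC);` / `if (!App::isExistsDeviceId($device_type)) { Log::notice("invalid device_type params :" . $device_type); return $this->error400(); }` / `$this->set('req_device_type', $device_type);`. The `(string)` cast appears in `fc2_index()` but not in `index()` or `fc2_view()`; under `strict_types` a non-string return from `get()` would be a TypeError in the uncast calls, so make the three call sites identical. In `fc2_view()` the local `$device_type` computed two lines earlier can be passed directly instead of re-reading the request.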
11 changes: 8 additions & 3 deletions app/src/Web/Controller/Admin/CategoriesController.php
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ public function create(Request $request): string

// 初期表示時
if (!$request->get('category') || !$request->isValidSig()) {
$this->set('show_category_list', true);
return "admin/categories/create.twig";
}

Expand Down Expand Up @@ -79,12 +80,16 @@ public function edit(Request $request): string
$options = $categories_model->getParentList($blog_id, $id);
$this->set('category_parents', [0 => ''] + $options);
$this->set('categories_model_order_list', $categories_model::getOrderList());
$category = $categories_model->findByIdAndBlogId($id, $blog_id);
$this->set('category', $category);

// 編集対象がみつからないので、新規作成にリダイレクト
if ($category === false) {
$this->redirect($request, ['action' => 'create']);
}

// 初期表示時に編集データの取得&設定
if (!$request->get('category') || !$request->isValidSig()) {
if (!$category = $categories_model->findByIdAndBlogId($id, $blog_id)) {
$this->redirect($request, ['action' => 'create']);
}
$request->set('category', $category);
return "admin/categories/edit.twig";
}
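Review bot: `$this->set('category', $category);` runs before the `=== false` not-found check, so if `redirect()` returns instead of terminating (its behaviour is not visible here), the template receives `false` as the category; set the view variable after the check. The three controllers touched by this commit test the lookup result differently (`=== false` here and in BlogPluginsController, truthiness in BlogTemplatesController and TagsController); if the model can return null on a miss the strict form silently skips the redirect, so pick one convention that matches what `findByIdAndBlogId` actually returns.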
8 changes: 4 additions & 4 deletions app/src/Web/Controller/Admin/TagsController.php
Expand Up @@ -83,10 +83,10 @@ public function edit(Request $request): string
{
$tags_model = new TagsModel();

$id = $request->get('id');
$tag_id = $request->get('id');
$blog_id = $this->getBlogIdFromSession();

if (!$tag = $tags_model->findByIdAndBlogId($id, $blog_id)) {
if (!$tag = $tags_model->findByIdAndBlogId($tag_id, $blog_id)) {
$this->redirect($request, ['action' => 'index']);
}
$this->set('tag', $tag);
Expand All @@ -104,11 +104,11 @@ public function edit(Request $request): string
// 更新処理
if (!$request->isPost()) return $this->error400();
$tag_request = $request->get('tag');
$tag_request['id'] = $id;
$tag_request['id'] = $tag_id;
$tag_request['blog_id'] = $blog_id;
$errors['tag'] = $tags_model->validate($tag_request, $data, ['name']);
if (empty($errors['tag'])) {
if ($tags_model->updateByIdAndBlogId($data, $id, $blog_id)) {
if ($tags_model->updateByIdAndBlogId($data, $tag_id, $blog_id)) {
$this->setInfoMessage(__('I have updated the tag'));

// 元の画面へ戻る
2 changes: 1 addition & 1 deletion app/twig_templates/admin/blog_plugins/edit.twig
Expand Up @@ -6,7 +6,7 @@

<form action="edit" method="post" id="sys-blog-plugin-form" class="admin-form">

<input type="hidden" name="id" value="{{ req.get('id') }}"/>
<input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
{{ input(req, 'blog_plugin[device_type]', 'hidden') }}
{{ input(req, 'blog_plugin[category]', 'hidden') }}
<input type="hidden" name="sig" value="{{ sig }}"/>
4 changes: 2 additions & 2 deletions app/twig_templates/admin/blog_plugins/edit_sp.twig
Expand Up @@ -6,7 +6,7 @@

<form action="edit" method="post" id="sys-blog-plugin-form" class="admin-form">

<input type="hidden" name="id" value="{{ req.get('id') }}"/>
<input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
{{ input(req, 'blog_plugin[device_type]', 'hidden') }}
{{ input(req, 'blog_plugin[category]', 'hidden') }}
<input type="hidden" name="sig" value="{{ sig }}"/>
Expand Down Expand Up @@ -71,7 +71,7 @@
<div class="btn_area">
<ul class="btn_area_inner">
<li>
<a href="{{ url(req, 'blog_plugins', 'delete', {id: req.get('id'), sig: sig}) }}" class="btn_contents touch"
<a href="{{ url(req, 'blog_plugins', 'delete', {id: blog_plugin.id, sig: sig}) }}" class="btn_contents touch"
onclick="return confirm('{{ _('Are you sure you want to delete?') }}');"><i class="delete_icon btn_icon"></i>{{ _('Delete') }}</a>
</li>
</ul>
8 changes: 3 additions & 5 deletions app/twig_templates/admin/blog_plugins/index_sp.twig
Expand Up @@ -288,15 +288,13 @@
});
// 初期表示
{% if req.get('state') == 'display' %}
{% if state == 'display' %}
$('#plugin_radio_display').prop('checked', true);
pluginSwitch('display');
{% endif %}
{% if req.get('state') == 'sort' %}
{% elseif state == 'sort' %}
$('#plugin_radio_sort').prop('checked', true);
pluginSwitch('sort');
{% endif %}
{% if req.get('state') != 'display' and req.get('state') == 'sort' %}
{% else %}
pluginSwitch('detail');
{% endif %}
});
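Review bot: The new `{% else %}` branch changes behaviour for `state == 'sort'`: the old third condition reduced to `state == 'sort'`, so `pluginSwitch('detail')` used to run after `pluginSwitch('sort')` and the detail view won, whereas now the sort view stays. That is probably the intended fix of a copy-paste bug, but it goes beyond the stated goal of removing `req.get` from templates, so a short line in the commit description or a template comment such as `{# fall through to the detail view for any other state #}` would record it.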
15 changes: 13 additions & 2 deletions app/twig_templates/admin/blog_plugins/plugin_search.twig
Expand Up @@ -29,10 +29,21 @@
<td>{{ t(plugin.title, 20) }}</td>
<td>{{ plugin.body|nl2br }}</td>
<td class="center">
<a href="{{ url(req, 'blog_plugins', 'download', {id: plugin.id, category: req.get('category'), sig: sig}) }}">{{ _('Download') }}</a>
<form action="{{ url(req, 'blog_plugins', 'download') }}" method="post">
<input type="hidden" name="id" value="{{ plugin.id }}">
<input type="hidden" name="category" value="{{ plugin_category_type_id }}">
<input type="hidden" name="sig" value="{{ sig }}">
<button>{{ _('Download') }}</button>
</form>
</td>
<td class="center">
<a href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, plugin_id: plugin.id, category: req.get('category'), device_key: 1}, false, true, false) }}" target="_blank">{{ _('Preview') }}</a>
<form action="{{ url(req, 'Entries', 'preview', {}, false, true, false) }}" method="post" target="_blank">
<input type="hidden" name="blog_id" value="{{ blog.id }}">
<input type="hidden" name="plugin_id" value="{{ plugin.id }}">
<input type="hidden" name="category" value="{{ plugin_category_type_id }}">
<input type="hidden" name="device_key" value="1">
<button>{{ _('Preview') }}</button>
</form>
</td>
{% if not is_official %}
<td class="center">
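Review bot: The new Preview form posts `blog_id`, `plugin_id`, `category` and `device_key` but carries no `sig` field, while the Download form beside it does; if `Entries::preview` is guarded by `isValidSig()` (not visible here) the POST will be rejected, and if it is not, switching from GET to POST adds nothing on its own. Either add `<input type="hidden" name="sig" value="{{ sig }}">` to the Preview form or leave a comment explaining why preview is intentionally unsigned. The same two forms are duplicated in plugin_search_sp.twig, so whichever choice is made should be applied there too.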
15 changes: 13 additions & 2 deletions app/twig_templates/admin/blog_plugins/plugin_search_sp.twig
Expand Up @@ -13,8 +13,19 @@
<h4>{{ t(plugin.title, 20) }}</h4>
<p>{{ t(plugin.body, 20) }}</p>
<div class="parallel_btn">
<a class="btn_contents touch" href="{{ url(req, 'blog_plugins', 'download', {id: plugin.id, category: req.get('category'), sig: sig}) }}">{{ _('Add') }}</a>
<a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, plugin_id: plugin.id, category: req.get('category'), device_key: 1}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
<form action="{{ url(req, 'blog_plugins', 'download') }}" method="post" style="display: inline">
<input type="hidden" name="id" value="{{ plugin.id }}">
<input type="hidden" name="category" value="{{ plugin_category_type_id }}">
<input type="hidden" name="sig" value="{{ sig }}">
<button class="btn_contents touch">{{ _('Add') }}</button>
</form>
<form action="{{ url(req, 'Entries', 'preview', {}, false, true, false) }}" method="post" target="_blank" style="display: inline">
<input type="hidden" name="blog_id" value="{{ blog.id }}">
<input type="hidden" name="plugin_id" value="{{ plugin.id }}">
<input type="hidden" name="category" value="{{ plugin_category_type_id }}">
<input type="hidden" name="device_key" value="1">
<button class="btn_contents touch">{{ _('Preview') }}</button>
</form>
</div>
</li>
{% endfor %}
2 changes: 1 addition & 1 deletion app/twig_templates/admin/blog_plugins/register.twig
Expand Up @@ -9,7 +9,7 @@

<form action="register" method="post" id="sys-plugin-form" class="admin-form">

<input type="hidden" name="id" value="{{ req.get('id') }}"/>
<input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
<input type="hidden" name="sig" value="{{ sig }}"/>
<table>
<tbody>
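Review bot: register.twig now reads `blog_plugin.id`, but this commit does not touch the `register` action of BlogPluginsController, and the controller hunks shown only assign `blog_plugin` to the view inside `edit()`. Unless `register()` already sets that variable, the hidden id renders empty (or raises under Twig's strict_variables), so confirm the assignment exists or add `$this->set('blog_plugin', $blog_plugin);` there before the template is returned.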
2 changes: 1 addition & 1 deletion app/twig_templates/admin/blog_templates/edit.twig
Expand Up @@ -7,7 +7,7 @@

<form action="edit" method="post" id="sys-blog-template-form" class="admin-form">

<input type="hidden" name="id" value="{{ req.get('id') }}"/>
<input type="hidden" name="id" value="{{ blog_template.id }}"/>
<input type="hidden" name="sig" value="{{ sig }}"/>

<h3>{{ _('Template name') }}</h3>
6 changes: 3 additions & 3 deletions app/twig_templates/admin/blog_templates/fc2_index.twig
Expand Up @@ -3,7 +3,7 @@

{% block content %}

<header><h2>{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h2></header>
<header><h2>{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h2></header>

{% if templates %}
{% for template in templates %}
Expand All @@ -18,11 +18,11 @@
</tr>
<tr>
<td class="btn">
<a class="admin_common_btn create_btn" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id:template.id, device_type: req.get('device_type')}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
<a class="admin_common_btn create_btn" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id:template.id, device_type: req_device_type}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
<form action="{{ url(req, 'blog_templates', 'download') }}" method="post" style="display: inline">
<input type="hidden" name="sig" value="{{ sig }}">
<input type="hidden" name="fc2_id" value="{{ template.id }}">
<input type="hidden" name="device_type" value="{{ req.get('device_type') }}">
<input type="hidden" name="device_type" value="{{ req_device_type }}">
<button type="submit" class="admin_common_btn create_btn">{{ _('Download') }}</button>
</form>

4 changes: 2 additions & 2 deletions app/twig_templates/admin/blog_templates/fc2_index_sp.twig
Expand Up @@ -3,13 +3,13 @@

{% block content %}

<header><h1 class="sh_heading_main_b">{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h1></header>
<header><h1 class="sh_heading_main_b">{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h1></header>

{% if templates %}
<ul class="template_list">
{% for template in templates %}
<li class="template_list_item">
<a href="{{ url(req, 'blog_templates', 'fc2_view', {fc2_id: template.id, device_type: req.get('device_type')}) }}">
<a href="{{ url(req, 'blog_templates', 'fc2_view', {fc2_id: template.id, device_type: req_device_type}) }}">
<img class="template_img" src="{{ template.image }}" alt="{{ template.name }}">
<p class="template_name">{{ template.name }}</p>
</a>
6 changes: 3 additions & 3 deletions app/twig_templates/admin/blog_templates/fc2_view_sp.twig
Expand Up @@ -3,14 +3,14 @@

{% block content %}

<header><h1 class="sh_heading_main_b">{{ _('FC2 Template detail') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h1></header>
<header><h1 class="sh_heading_main_b">{{ _('FC2 Template detail') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h1></header>
<h2><span class="h2_inner">テンプレートの詳細</span></h2>

<div class="template_detail">
<form action="{{ url(req, 'blog_templates', 'download') }}" method="post" id="template_download_form">
<input type="hidden" name="sig" value="{{ sig }}">
<input type="hidden" name="fc2_id" value="{{ template.id }}">
<input type="hidden" name="device_type" value="{{ req.get('device_type') }}">
<input type="hidden" name="device_type" value="{{ req_device_type }}">
</form>
<div class="left_column">
<p class="template_img">
Expand All @@ -19,7 +19,7 @@
</div>
<div class="right_column">
<p>
<a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id: template.id, device_type: req.get('device_type')}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
<a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id: template.id, device_type: req_device_type}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
</p>
<p>
<button class="btn_contents touch" onclick="$('#template_download_form').submit()">{{ _('Download') }}</button>
2 changes: 1 addition & 1 deletion app/twig_templates/admin/blog_templates/index_sp.twig
Expand Up @@ -8,7 +8,7 @@
<div class="form_contents">
<select onchange="location.href=$(this).val();">
{% for key, device_en in devices %}
<option value="{{ url(req, 'BlogTemplates', 'index', {device_type:key}) }}" {% if req.get('device_type') == key %}selected="selected"{% endif %}>{{ _(device_en) }}</option>
<option value="{{ url(req, 'BlogTemplates', 'index', {device_type:key}) }}" {% if req_device_type == key %}selected="selected"{% endif %}>{{ _(device_en) }}</option>
{% endfor %}
</select>
</div>