diff --git a/app/src/App.php b/app/src/App.php index 5ef64d27..11e99e52 100644 --- a/app/src/App.php +++ b/app/src/App.php @@ -241,11 +241,7 @@ public static function getDeviceType(Request $request): int // Cookieからデバイスタイプを取得 $device_type = $request->rawCookie('device'); - $devices = [ - App::DEVICE_PC, - App::DEVICE_SP, - ]; - if (!empty($device_type) && in_array($device_type, $devices)) { + if (!empty($device_type) && static::isExistsDeviceId($device_type)) { return (int)$device_type; } @@ -261,6 +257,16 @@ public static function getDeviceType(Request $request): int return App::DEVICE_PC; } + /** + * デバイスタイプが既知のものか?(許可されているか?) + * @param string $id + * @return bool + */ + public static function isExistsDeviceId(string $id): bool + { + return in_array($id, self::ALLOW_DEVICES); + } + /** * デバイスタイプを取得する * @param Request $request @@ -269,8 +275,7 @@ public static function getDeviceType(Request $request): int public static function getDeviceTypeStr(Request $request): string { $device_id = static::getDeviceType($request); - $device_table = App::DEVICE_FC2_KEY; - return $device_table[$device_id]; + return App::DEVICE_FC2_KEY[$device_id] ?? App::DEVICE_FC2_KEY[App::DEVICE_PC]; } /** diff --git a/app/src/Web/Controller/Admin/BlogPluginsController.php b/app/src/Web/Controller/Admin/BlogPluginsController.php index c51d221d..03143ab6 100644 --- a/app/src/Web/Controller/Admin/BlogPluginsController.php +++ b/app/src/Web/Controller/Admin/BlogPluginsController.php @@ -9,6 +9,7 @@ use Fc2blog\Model\BlogTemplatesModel; use Fc2blog\Model\Model; use Fc2blog\Model\PluginsModel; +use Fc2blog\Util\Log; use Fc2blog\Web\Request; class BlogPluginsController extends AdminController @@ -45,6 +46,7 @@ public function index(Request $request): string } } $this->set('blog_plugin_json', $blog_plugin_json); + $this->set('state', $request->get('state')); return "admin/blog_plugins/index.twig"; } 
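Review bot: `static::isExistsDeviceId($device_type)` in getDeviceType invokes late static binding while the new method itself reads `self::ALLOW_DEVICES` and the surrounding lines spell the class as `App::DEVICE_PC`; unless a subclass is meant to override the check, `self::isExistsDeviceId($device_type)` keeps the three spellings consistent. The `!empty($device_type)` guard in front of it also rejects a cookie value of `"0"`, which only matters if one of the allowed ids is 0 — worth confirming against ALLOW_DEVICES, which is not in the hunk. getDeviceType continues outside the hunk.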
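Review bot: `in_array($id, self::ALLOW_DEVICES)` in isExistsDeviceId compares loosely, so if ALLOW_DEVICES holds the int constants (the `(int)`/`(string)` casts around DEVICE_PC elsewhere in this commit suggest it does) strings such as `"1.0"`, `" 1"` or `"01"` are accepted as device 1; the callers added in BlogTemplatesController then hand that unnormalised string to the template and to getDeviceFc2Key instead of the canonical id. A strict comparison against the stringified ids pins the accepted spellings to exactly the constants: `return in_array($id, array_map('strval', self::ALLOW_DEVICES), true);`. The docblock could then state what callers may rely on, e.g. `Returns true only when $id is the exact decimal form of an allowed device id.`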
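Review bot: The `?? App::DEVICE_FC2_KEY[App::DEVICE_PC]` fallback in getDeviceTypeStr silently maps any id without an entry in DEVICE_FC2_KEY to the PC key, and the reason is not obvious from the code, since getDeviceType a few lines above only returns validated ids or DEVICE_PC. A one-line comment would make the intent explicit: `// getDeviceType() only yields ids from ALLOW_DEVICES; fall back to PC if DEVICE_FC2_KEY lacks one of them`. If the two constants are meant to stay in lockstep, logging the mismatch rather than hiding it would surface the configuration error.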
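Review bot: `$this->set('state', $request->get('state'))` in index passes the raw request value straight to the template, whereas every other parameter this commit exposes to a view (`device_type`, `category`) is checked and rejected with error400 first. If `state` is drawn from a fixed set of values, validate it the same way, e.g. `if (!in_array($request->get('state'), [/* allowed states */], true)) { return $this->error400(); }` with the real list substituted; if it is free text, a comment saying the template must only compare it and rely on Twig escaping for output would document the contract. index starts outside the hunk.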
@@ -73,6 +75,8 @@ public function share_search(Request $request): string return $this->plugin_search($request, false); } + const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = "1-3"; + /** * プラグイン検索 (内部呼び出し) * @param Request $request @@ -117,6 +121,11 @@ private function plugin_search(Request $request, bool $is_official = true): stri $this->set('req_device_name', __(BlogTemplatesModel::getDeviceName((int)$request->get('device_type')))); $this->set('device_key', App::getDeviceFc2Key($request->get('device_type'))); $this->set('is_official', $is_official); + if (!preg_match('/\A[' . self::ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE . ']\z/u', $request->get('category'))) { + Log::notice("Request invalid plugin category type " . $request->get('category')); + return $this->error400(); + } + $this->set('plugin_category_type_id', $request->get('category')); return 'admin/blog_plugins/plugin_search.twig'; } @@ -191,13 +200,15 @@ public function edit(Request $request): string $this->set('device_type_sp', (string)App::DEVICE_SP); // 編集対象のデータ取得、なければリダイレクト - if (!$blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id)) { + $blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id); + if ($blog_plugin === false) { $this->redirect($request, array('action' => 'index')); } // 初期表示時に編集データの設定 if (!$request->get('blog_plugin') || !$request->isValidSig()) { $request->set('blog_plugin', $blog_plugin); + $this->set('blog_plugin', $blog_plugin); return "admin/blog_plugins/edit.twig"; } diff --git a/app/src/Web/Controller/Admin/BlogTemplatesController.php b/app/src/Web/Controller/Admin/BlogTemplatesController.php index 40cc58ba..24feae7e 100644 --- a/app/src/Web/Controller/Admin/BlogTemplatesController.php +++ b/app/src/Web/Controller/Admin/BlogTemplatesController.php @@ -10,6 +10,7 @@ use Fc2blog\Model\Fc2TemplatesModel; use Fc2blog\Model\Model; use Fc2blog\Service\BlogService; +use Fc2blog\Util\Log; use Fc2blog\Web\Request; class BlogTemplatesController extends AdminController 
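Review bot: `const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = "1-3";` is declared without a visibility modifier and sits between two methods; PSR-12 expects `private const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = '1-3';` grouped with the other class constants at the top of the class. The value is also only meaningful as a regex character-class fragment: a future `"1-10"` would become `[1-10]`, which matches `0` and `1` rather than 1 through 10, so the allowed types would be safer modelled as explicit bounds or a `[1, 2, 3]` list and checked with `ctype_digit` plus `in_array(..., true)` where plugin_search uses it (the `@@ -117` hunk).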
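Review bot: `preg_match('/\A[...]\z/u', $request->get('category'))` in plugin_search receives whatever `get` returns: a missing parameter presumably yields `null` (a deprecation under PHP 8.1 and then a 400, which is acceptable), but if Request::get passes arrays through as PHP's query parsing does for `category[]=1`, preg_match throws a TypeError and the request ends in a 500 instead of the intended 400. Reading the value once and type-checking it first closes that gap: `$category = $request->get('category');` / `if (!is_string($category) || !preg_match('/\A[' . self::ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE . ']\z/u', $category)) {`. On the context line above, `App::getDeviceFc2Key($request->get('device_type'))` still runs without the isExistsDeviceId guard this commit adds in BlogTemplatesController; the same check before the `$this->set` calls would keep the two controllers consistent. plugin_search starts and ends outside the hunk.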
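Review bot: Switching the not-found test in edit from `!$blog_plugin` to `$blog_plugin === false` narrows it: unless findByIdAndBlogId is guaranteed to return exactly `false` on a miss, a `null` or empty-array result now skips the redirect and is stored into the request and the view as the edit target. The same narrowing appears in CategoriesController::edit in this commit, while BlogTemplatesController::edit keeps `if (!$blog_template)`; the three should agree, and the permissive form is the safe one: `if (!$blog_plugin) {`. If `$this->redirect()` does not end the request, the code after it also still runs with the missing record, which this change does not address. edit continues outside the hunk.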
@@ -45,6 +46,11 @@ public function index(Request $request): string } $this->set('device_blog_templates', $device_blog_templates); $this->set('devices', BlogTemplatesModel::DEVICE_NAME); + if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) { + Log::notice("invalid device_type params :" . $request->get("device_type")); + return $this->error400(); + } + $this->set('req_device_type', $request->get("device_type")); return "admin/blog_templates/index.twig"; } @@ -77,6 +83,11 @@ public function fc2_index(Request $request): string $this->set('templates', $templates); $this->set('paging', $paging); $this->set('devices', BlogTemplatesModel::DEVICE_NAME); + if (!App::isExistsDeviceId((string)$request->get("device_type", (string)App::DEVICE_PC))) { + Log::notice("invalid device_type params :" . $request->get("device_type")); + return $this->error400(); + } + $this->set('req_device_type', $request->get("device_type")); return "admin/blog_templates/fc2_index.twig"; } @@ -101,6 +112,12 @@ public function fc2_view(Request $request): string $device_type = $request->get('device_type', (string)App::DEVICE_PC); $request->set('device_type', $device_type); + if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) { + Log::notice("invalid device_type params :" . $request->get("device_type")); + return $this->error400(); + } + $this->set('req_device_type', $request->get("device_type")); + // テンプレート取得 $device_key = App::getDeviceFc2Key($device_type); $template = Model::load('Fc2Templates')->findByIdAndDevice($request->get('fc2_id'), $device_key); 
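Review bot: In index and fc2_index the value handed to the view, `$this->set('req_device_type', $request->get("device_type"))`, is not the value that was validated: the isExistsDeviceId call defaults a missing parameter to `(string)App::DEVICE_PC`, but the `set` on the next line omits the default, so the template receives `null` whenever device_type is absent. fc2_view avoids this by writing the defaulted value back with `$request->set('device_type', $device_type)` first; doing the same in the other two actions, or passing the default again, keeps them aligned: `$this->set('req_device_type', $request->get("device_type", (string)App::DEVICE_PC));`. index also validates without the `(string)` cast that fc2_index applies, so a non-string parameter would raise a TypeError in one action and be rejected in the other; since the five-line block is now repeated three times, a private helper that returns the validated id or the error400 response would remove that drift. Each of the three actions starts outside its hunk.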
@@ -177,13 +194,15 @@ public function edit(Request $request): string $id = $request->get('id'); $blog_id = $this->getBlogIdFromSession(); + $blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id); // 初期表示時に編集データの取得&設定 if (!$request->get('blog_template') || !$request->isValidPost()) { - if (!$blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id)) { + if (!$blog_template) { $this->redirect($request, ['action' => 'index']); } $request->set('blog_template', $blog_template); + $this->set('blog_template', $blog_template); return "admin/blog_templates/edit.twig"; } diff --git a/app/src/Web/Controller/Admin/CategoriesController.php b/app/src/Web/Controller/Admin/CategoriesController.php index f387c7d2..34948c92 100644 --- a/app/src/Web/Controller/Admin/CategoriesController.php +++ b/app/src/Web/Controller/Admin/CategoriesController.php @@ -40,6 +40,7 @@ public function create(Request $request): string // 初期表示時 if (!$request->get('category') || !$request->isValidSig()) { + $this->set('show_category_list', true); return "admin/categories/create.twig"; } @@ -79,12 +80,16 @@ public function edit(Request $request): string $options = $categories_model->getParentList($blog_id, $id); $this->set('category_parents', [0 => ''] + $options); $this->set('categories_model_order_list', $categories_model::getOrderList()); + $category = $categories_model->findByIdAndBlogId($id, $blog_id); + $this->set('category', $category); + + // 編集対象がみつからないので、新規作成にリダイレクト + if ($category === false) { + $this->redirect($request, ['action' => 'create']); + } // 初期表示時に編集データの取得&設定 if (!$request->get('category') || !$request->isValidSig()) { - if (!$category = $categories_model->findByIdAndBlogId($id, $blog_id)) { - $this->redirect($request, ['action' => 'create']); - } $request->set('category', $category); return "admin/categories/edit.twig"; } 
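Review bot: Hoisting `$blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id);` above the initial-display branch in edit means the lookup now also runs on the POST path, yet the `if (!$blog_template)` redirect stays inside that branch, so an update for an id that is not found proceeds past the hunk with `$blog_template === false` (whether the later update path re-checks ownership is not visible here). If the fetch is meant to be shared, move the guard up with it, `if (!$blog_template) { $this->redirect($request, ['action' => 'index']); }`, directly after the assignment as CategoriesController::edit does in this commit; otherwise keep the fetch inside the branch as before. edit continues outside the hunk.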
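Review bot: `$this->set('category', $category);` in edit runs before the `$category === false` check, so on a miss the view variable is populated with `false` before the redirect, and if `$this->redirect()` returns rather than exiting, `$request->set('category', $category)` below also receives `false`. Placing the guard immediately after the fetch and the `set` after the guard keeps the view from ever seeing a non-record: `$category = $categories_model->findByIdAndBlogId($id, $blog_id);` / `if ($category === false) { $this->redirect($request, ['action' => 'create']); }` / `$this->set('category', $category);`. edit continues outside the hunk.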
diff --git a/app/src/Web/Controller/Admin/TagsController.php b/app/src/Web/Controller/Admin/TagsController.php index 6396b8bb..e8549931 100644 --- a/app/src/Web/Controller/Admin/TagsController.php +++ b/app/src/Web/Controller/Admin/TagsController.php @@ -83,10 +83,10 @@ public function edit(Request $request): string { $tags_model = new TagsModel(); - $id = $request->get('id'); + $tag_id = $request->get('id'); $blog_id = $this->getBlogIdFromSession(); - if (!$tag = $tags_model->findByIdAndBlogId($id, $blog_id)) { + if (!$tag = $tags_model->findByIdAndBlogId($tag_id, $blog_id)) { $this->redirect($request, ['action' => 'index']); } $this->set('tag', $tag); @@ -104,11 +104,11 @@ public function edit(Request $request): string // 更新処理 if (!$request->isPost()) return $this->error400(); $tag_request = $request->get('tag'); - $tag_request['id'] = $id; + $tag_request['id'] = $tag_id; $tag_request['blog_id'] = $blog_id; $errors['tag'] = $tags_model->validate($tag_request, $data, ['name']); if (empty($errors['tag'])) { - if ($tags_model->updateByIdAndBlogId($data, $id, $blog_id)) { + if ($tags_model->updateByIdAndBlogId($data, $tag_id, $blog_id)) { $this->setInfoMessage(__('I have updated the tag')); // 元の画面へ戻る diff --git a/app/twig_templates/admin/blog_plugins/edit.twig b/app/twig_templates/admin/blog_plugins/edit.twig index c2226d0f..f15108ac 100644 --- a/app/twig_templates/admin/blog_plugins/edit.twig +++ b/app/twig_templates/admin/blog_plugins/edit.twig @@ -6,7 +6,7 @@