テンプレートで用いられている、req.get("id")などの廃止 #338

app/src/App.php

@@ -241,11 +241,7 @@ public static function getDeviceType(Request $request): int
 
         // Cookieからデバイスタイプを取得
         $device_type = $request->rawCookie('device');
-        $devices = [
-            App::DEVICE_PC,
-            App::DEVICE_SP,
-        ];
-        if (!empty($device_type) && in_array($device_type, $devices)) {
+        if (!empty($device_type) && static::isExistsDeviceId($device_type)) {
             return (int)$device_type;
         }
 
@@ -261,6 +257,16 @@ public static function getDeviceType(Request $request): int
         return App::DEVICE_PC;
     }
 
+    /**
+     * デバイスタイプが既知のものか？（許可されているか？）
+     * @param string $id
+     * @return bool
+     */
+    public static function isExistsDeviceId(string $id): bool
+    {
+        return in_array($id, self::ALLOW_DEVICES);
+    }
+
     /**
      * デバイスタイプを取得する
      * @param Request $request
@@ -269,8 +275,7 @@ public static function getDeviceType(Request $request): int
     public static function getDeviceTypeStr(Request $request): string
     {
         $device_id = static::getDeviceType($request);
-        $device_table = App::DEVICE_FC2_KEY;
-        return $device_table[$device_id];
+        return App::DEVICE_FC2_KEY[$device_id] ?? App::DEVICE_FC2_KEY[App::DEVICE_PC];
     }
 
     /**

app/src/Web/Controller/Admin/BlogPluginsController.php

@@ -9,6 +9,7 @@
 use Fc2blog\Model\BlogTemplatesModel;
 use Fc2blog\Model\Model;
 use Fc2blog\Model\PluginsModel;
+use Fc2blog\Util\Log;
 use Fc2blog\Web\Request;
 
 class BlogPluginsController extends AdminController
@@ -45,6 +46,7 @@ public function index(Request $request): string
             }
         }
         $this->set('blog_plugin_json', $blog_plugin_json);
+        $this->set('state', $request->get('state'));
 
         return "admin/blog_plugins/index.twig";
     }
@@ -73,6 +75,8 @@ public function share_search(Request $request): string
         return $this->plugin_search($request, false);
     }
 
+    const ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE = "1-3";
+
     /**
      * プラグイン検索 （内部呼び出し）
      * @param Request $request
@@ -117,6 +121,11 @@ private function plugin_search(Request $request, bool $is_official = true): stri
         $this->set('req_device_name', __(BlogTemplatesModel::getDeviceName((int)$request->get('device_type'))));
         $this->set('device_key', App::getDeviceFc2Key($request->get('device_type')));
         $this->set('is_official', $is_official);
+        if (!preg_match('/\A[' . self::ALLOWED_PLUGIN_CATEGORY_TYPE_RANGE . ']\z/u', $request->get('category'))) {
+            Log::notice("Request invalid plugin category type " . $request->get('category'));
+            return $this->error400();
+        }
+        $this->set('plugin_category_type_id', $request->get('category'));
 
         return 'admin/blog_plugins/plugin_search.twig';
     }
@@ -191,13 +200,15 @@ public function edit(Request $request): string
         $this->set('device_type_sp', (string)App::DEVICE_SP);
 
         // 編集対象のデータ取得、なければリダイレクト
-        if (!$blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id)) {
+        $blog_plugin = $blog_plugins_model->findByIdAndBlogId($id, $blog_id);
+        if ($blog_plugin === false) {
             $this->redirect($request, array('action' => 'index'));
         }
 
         // 初期表示時に編集データの設定
         if (!$request->get('blog_plugin') || !$request->isValidSig()) {
             $request->set('blog_plugin', $blog_plugin);
+            $this->set('blog_plugin', $blog_plugin);
             return "admin/blog_plugins/edit.twig";
         }
 

app/src/Web/Controller/Admin/BlogTemplatesController.php

@@ -10,6 +10,7 @@
 use Fc2blog\Model\Fc2TemplatesModel;
 use Fc2blog\Model\Model;
 use Fc2blog\Service\BlogService;
+use Fc2blog\Util\Log;
 use Fc2blog\Web\Request;
 
 class BlogTemplatesController extends AdminController
@@ -45,6 +46,11 @@ public function index(Request $request): string
         }
         $this->set('device_blog_templates', $device_blog_templates);
         $this->set('devices', BlogTemplatesModel::DEVICE_NAME);
+        if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) {
+            Log::notice("invalid device_type params :" . $request->get("device_type"));
+            return $this->error400();
+        }
+        $this->set('req_device_type', $request->get("device_type"));
 
         return "admin/blog_templates/index.twig";
     }
@@ -77,6 +83,11 @@ public function fc2_index(Request $request): string
         $this->set('templates', $templates);
         $this->set('paging', $paging);
         $this->set('devices', BlogTemplatesModel::DEVICE_NAME);
+        if (!App::isExistsDeviceId((string)$request->get("device_type", (string)App::DEVICE_PC))) {
+            Log::notice("invalid device_type params :" . $request->get("device_type"));
+            return $this->error400();
+        }
+        $this->set('req_device_type', $request->get("device_type"));
 
         return "admin/blog_templates/fc2_index.twig";
     }
@@ -101,6 +112,12 @@ public function fc2_view(Request $request): string
         $device_type = $request->get('device_type', (string)App::DEVICE_PC);
         $request->set('device_type', $device_type);
 
+        if (!App::isExistsDeviceId($request->get("device_type", (string)App::DEVICE_PC))) {
+            Log::notice("invalid device_type params :" . $request->get("device_type"));
+            return $this->error400();
+        }
+        $this->set('req_device_type', $request->get("device_type"));
+
         // テンプレート取得
         $device_key = App::getDeviceFc2Key($device_type);
         $template = Model::load('Fc2Templates')->findByIdAndDevice($request->get('fc2_id'), $device_key);
@@ -177,13 +194,15 @@ public function edit(Request $request): string
 
         $id = $request->get('id');
         $blog_id = $this->getBlogIdFromSession();
+        $blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id);
 
         // 初期表示時に編集データの取得&設定
         if (!$request->get('blog_template') || !$request->isValidPost()) {
-            if (!$blog_template = $blog_templates_model->findByIdAndBlogId($id, $blog_id)) {
+            if (!$blog_template) {
                 $this->redirect($request, ['action' => 'index']);
             }
             $request->set('blog_template', $blog_template);
+            $this->set('blog_template', $blog_template);
             return "admin/blog_templates/edit.twig";
         }
 

app/src/Web/Controller/Admin/CategoriesController.php

@@ -40,6 +40,7 @@ public function create(Request $request): string
 
         // 初期表示時
         if (!$request->get('category') || !$request->isValidSig()) {
+            $this->set('show_category_list', true);
             return "admin/categories/create.twig";
         }
 
@@ -79,12 +80,16 @@ public function edit(Request $request): string
         $options = $categories_model->getParentList($blog_id, $id);
         $this->set('category_parents', [0 => ''] + $options);
         $this->set('categories_model_order_list', $categories_model::getOrderList());
+        $category = $categories_model->findByIdAndBlogId($id, $blog_id);
+        $this->set('category', $category);
+
+        // 編集対象がみつからないので、新規作成にリダイレクト
+        if ($category === false) {
+            $this->redirect($request, ['action' => 'create']);
+        }
 
         // 初期表示時に編集データの取得&設定
         if (!$request->get('category') || !$request->isValidSig()) {
-            if (!$category = $categories_model->findByIdAndBlogId($id, $blog_id)) {
-                $this->redirect($request, ['action' => 'create']);
-            }
             $request->set('category', $category);
             return "admin/categories/edit.twig";
         }

app/src/Web/Controller/Admin/TagsController.php

@@ -83,10 +83,10 @@ public function edit(Request $request): string
     {
         $tags_model = new TagsModel();
 
-        $id = $request->get('id');
+        $tag_id = $request->get('id');
         $blog_id = $this->getBlogIdFromSession();
 
-        if (!$tag = $tags_model->findByIdAndBlogId($id, $blog_id)) {
+        if (!$tag = $tags_model->findByIdAndBlogId($tag_id, $blog_id)) {
             $this->redirect($request, ['action' => 'index']);
         }
         $this->set('tag', $tag);
@@ -104,11 +104,11 @@ public function edit(Request $request): string
         // 更新処理
         if (!$request->isPost()) return $this->error400();
         $tag_request = $request->get('tag');
-        $tag_request['id'] = $id;
+        $tag_request['id'] = $tag_id;
         $tag_request['blog_id'] = $blog_id;
         $errors['tag'] = $tags_model->validate($tag_request, $data, ['name']);
         if (empty($errors['tag'])) {
-            if ($tags_model->updateByIdAndBlogId($data, $id, $blog_id)) {
+            if ($tags_model->updateByIdAndBlogId($data, $tag_id, $blog_id)) {
                 $this->setInfoMessage(__('I have updated the tag'));
 
                 // 元の画面へ戻る

app/twig_templates/admin/blog_plugins/edit.twig

@@ -6,7 +6,7 @@
 
     <form action="edit" method="post" id="sys-blog-plugin-form" class="admin-form">
 
-        <input type="hidden" name="id" value="{{ req.get('id') }}"/>
+        <input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
         {{ input(req, 'blog_plugin[device_type]', 'hidden') }}
         {{ input(req, 'blog_plugin[category]', 'hidden') }}
         <input type="hidden" name="sig" value="{{ sig }}"/>

app/twig_templates/admin/blog_plugins/edit_sp.twig

@@ -6,7 +6,7 @@
 
     <form action="edit" method="post" id="sys-blog-plugin-form" class="admin-form">
 
-        <input type="hidden" name="id" value="{{ req.get('id') }}"/>
+        <input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
         {{ input(req, 'blog_plugin[device_type]', 'hidden') }}
         {{ input(req, 'blog_plugin[category]', 'hidden') }}
         <input type="hidden" name="sig" value="{{ sig }}"/>
@@ -71,7 +71,7 @@
     <div class="btn_area">
         <ul class="btn_area_inner">
             <li>
-                <a href="{{ url(req, 'blog_plugins', 'delete', {id: req.get('id'), sig: sig}) }}" class="btn_contents touch"
+                <a href="{{ url(req, 'blog_plugins', 'delete', {id: blog_plugin.id, sig: sig}) }}" class="btn_contents touch"
                    onclick="return confirm('{{ _('Are you sure you want to delete?') }}');"><i class="delete_icon btn_icon"></i>{{ _('Delete') }}</a>
             </li>
         </ul>

app/twig_templates/admin/blog_plugins/index_sp.twig

@@ -288,15 +288,13 @@
             });
 
             // 初期表示
-            {% if req.get('state') == 'display' %}
+            {% if state == 'display' %}
             $('#plugin_radio_display').prop('checked', true);
             pluginSwitch('display');
-            {% endif %}
-            {% if req.get('state') == 'sort' %}
+            {% elseif state == 'sort' %}
             $('#plugin_radio_sort').prop('checked', true);
             pluginSwitch('sort');
-            {% endif %}
-            {% if req.get('state') != 'display' and req.get('state') == 'sort' %}
+            {% else %}
             pluginSwitch('detail');
             {% endif %}
         });

app/twig_templates/admin/blog_plugins/plugin_search.twig

@@ -29,10 +29,21 @@
                 <td>{{ t(plugin.title, 20) }}</td>
                 <td>{{ plugin.body|nl2br }}</td>
                 <td class="center">
-                    <a href="{{ url(req, 'blog_plugins', 'download', {id: plugin.id, category: req.get('category'), sig: sig}) }}">{{ _('Download') }}</a>
+                    <form action="{{ url(req, 'blog_plugins', 'download') }}" method="post">
+                        <input type="hidden" name="id" value="{{ plugin.id }}">
+                        <input type="hidden" name="category" value="{{ plugin_category_type_id }}">
+                        <input type="hidden" name="sig" value="{{ sig }}">
+                        <button>{{ _('Download') }}</button>
+                    </form>
                 </td>
                 <td class="center">
-                    <a href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, plugin_id: plugin.id, category: req.get('category'), device_key: 1}, false, true, false) }}" target="_blank">{{ _('Preview') }}</a>
+                    <form action="{{ url(req, 'Entries', 'preview', {}, false, true, false) }}" method="post" target="_blank">
+                        <input type="hidden" name="blog_id" value="{{ blog.id }}">
+                        <input type="hidden" name="plugin_id" value="{{ plugin.id }}">
+                        <input type="hidden" name="category" value="{{ plugin_category_type_id }}">
+                        <input type="hidden" name="device_key" value="1">
+                        <button>{{ _('Preview') }}</button>
+                    </form>
                 </td>
                 {% if not is_official %}
                     <td class="center">

app/twig_templates/admin/blog_plugins/plugin_search_sp.twig

@@ -13,8 +13,19 @@
                 <h4>{{ t(plugin.title, 20) }}</h4>
                 <p>{{ t(plugin.body, 20) }}</p>
                 <div class="parallel_btn">
-                    <a class="btn_contents touch" href="{{ url(req, 'blog_plugins', 'download', {id: plugin.id, category: req.get('category'), sig: sig}) }}">{{ _('Add') }}</a>
-                    <a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, plugin_id: plugin.id, category: req.get('category'), device_key: 1}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
+                    <form action="{{ url(req, 'blog_plugins', 'download') }}" method="post" style="display: inline">
+                        <input type="hidden" name="id" value="{{ plugin.id }}">
+                        <input type="hidden" name="category" value="{{ plugin_category_type_id }}">
+                        <input type="hidden" name="sig" value="{{ sig }}">
+                        <button class="btn_contents touch">{{ _('Add') }}</button>
+                    </form>
+                    <form action="{{ url(req, 'Entries', 'preview', {}, false, true, false) }}" method="post" target="_blank" style="display: inline">
+                        <input type="hidden" name="blog_id" value="{{ blog.id }}">
+                        <input type="hidden" name="plugin_id" value="{{ plugin.id }}">
+                        <input type="hidden" name="category" value="{{ plugin_category_type_id }}">
+                        <input type="hidden" name="device_key" value="1">
+                        <button class="btn_contents touch">{{ _('Preview') }}</button>
+                    </form>
                 </div>
             </li>
         {% endfor %}

app/twig_templates/admin/blog_plugins/register.twig

@@ -9,7 +9,7 @@
 
     <form action="register" method="post" id="sys-plugin-form" class="admin-form">
 
-        <input type="hidden" name="id" value="{{ req.get('id') }}"/>
+        <input type="hidden" name="id" value="{{ blog_plugin.id }}"/>
         <input type="hidden" name="sig" value="{{ sig }}"/>
         <table>
             <tbody>

app/twig_templates/admin/blog_templates/edit.twig

@@ -7,7 +7,7 @@
 
     <form action="edit" method="post" id="sys-blog-template-form" class="admin-form">
 
-        <input type="hidden" name="id" value="{{ req.get('id') }}"/>
+        <input type="hidden" name="id" value="{{ blog_template.id }}"/>
         <input type="hidden" name="sig" value="{{ sig }}"/>
 
         <h3>{{ _('Template name') }}</h3>

app/twig_templates/admin/blog_templates/fc2_index.twig

@@ -3,7 +3,7 @@
 
 {% block content %}
 
-    <header><h2>{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h2></header>
+    <header><h2>{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h2></header>
 
     {% if templates %}
         {% for template in templates %}
@@ -18,11 +18,11 @@
                 </tr>
                 <tr>
                     <td class="btn">
-                        <a class="admin_common_btn create_btn" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id:template.id, device_type: req.get('device_type')}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
+                        <a class="admin_common_btn create_btn" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id:template.id, device_type: req_device_type}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
                         <form action="{{ url(req, 'blog_templates', 'download') }}" method="post" style="display: inline">
                             <input type="hidden" name="sig" value="{{ sig }}">
                             <input type="hidden" name="fc2_id" value="{{ template.id }}">
-                            <input type="hidden" name="device_type" value="{{ req.get('device_type') }}">
+                            <input type="hidden" name="device_type" value="{{ req_device_type }}">
                             <button type="submit" class="admin_common_btn create_btn">{{ _('Download') }}</button>
                         </form>
 

app/twig_templates/admin/blog_templates/fc2_index_sp.twig

@@ -3,13 +3,13 @@
 
 {% block content %}
 
-    <header><h1 class="sh_heading_main_b">{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h1></header>
+    <header><h1 class="sh_heading_main_b">{{ _('FC2 Template list') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h1></header>
 
     {% if templates %}
         <ul class="template_list">
             {% for template in templates %}
                 <li class="template_list_item">
-                    <a href="{{ url(req, 'blog_templates', 'fc2_view', {fc2_id: template.id, device_type: req.get('device_type')}) }}">
+                    <a href="{{ url(req, 'blog_templates', 'fc2_view', {fc2_id: template.id, device_type: req_device_type}) }}">
                         <img class="template_img" src="{{ template.image }}" alt="{{ template.name }}">
                         <p class="template_name">{{ template.name }}</p>
                     </a>

app/twig_templates/admin/blog_templates/fc2_view_sp.twig

@@ -3,14 +3,14 @@
 
 {% block content %}
 
-    <header><h1 class="sh_heading_main_b">{{ _('FC2 Template detail') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req.get('device_type'))) }}]</h1></header>
+    <header><h1 class="sh_heading_main_b">{{ _('FC2 Template detail') }}[{{ _(attribute(constant('Fc2blog\\App::DEVICE_FC2_KEY'), req_device_type)) }}]</h1></header>
     <h2><span class="h2_inner">テンプレートの詳細</span></h2>
 
     <div class="template_detail">
         <form action="{{ url(req, 'blog_templates', 'download') }}" method="post" id="template_download_form">
             <input type="hidden" name="sig" value="{{ sig }}">
             <input type="hidden" name="fc2_id" value="{{ template.id }}">
-            <input type="hidden" name="device_type" value="{{ req.get('device_type') }}">
+            <input type="hidden" name="device_type" value="{{ req_device_type }}">
         </form>
         <div class="left_column">
             <p class="template_img">
@@ -19,7 +19,7 @@
         </div>
         <div class="right_column">
             <p>
-                <a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id: template.id, device_type: req.get('device_type')}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
+                <a class="btn_contents touch" href="{{ url(req, 'Entries', 'preview', {blog_id: blog.id, fc2_id: template.id, device_type: req_device_type}, false, true) }}" target="_blank">{{ _('Preview') }}</a>
             </p>
             <p>
                 <button class="btn_contents touch" onclick="$('#template_download_form').submit()">{{ _('Download') }}</button>

app/twig_templates/admin/blog_templates/index_sp.twig

@@ -8,7 +8,7 @@
         <div class="form_contents">
             <select onchange="location.href=$(this).val();">
                 {% for key, device_en in devices %}
-                    <option value="{{ url(req, 'BlogTemplates', 'index', {device_type:key}) }}" {% if req.get('device_type') == key %}selected="selected"{% endif %}>{{ _(device_en) }}</option>
+                    <option value="{{ url(req, 'BlogTemplates', 'index', {device_type:key}) }}" {% if req_device_type == key %}selected="selected"{% endif %}>{{ _(device_en) }}</option>
                 {% endfor %}
             </select>
         </div>