From 871ba0161ada7278039ca5c47819f251b8cb9283 Mon Sep 17 00:00:00 2001 From: kurozumi Date: Thu, 1 Jul 2021 21:32:55 +0900 Subject: [PATCH 1/8] =?UTF-8?q?=E3=83=95=E3=83=AD=E3=83=B3=E3=83=88?= =?UTF-8?q?=E5=85=A5=E5=8A=9B=E9=A0=85=E7=9B=AE=E3=81=AE=E3=82=B5=E3=83=8B?= =?UTF-8?q?=E3=82=BF=E3=82=A4=E3=82=BA?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- app/config/eccube/bundles.php | 1 + app/config/eccube/services.yaml | 6 + composer.json | 1 + composer.lock | 113 +++++++++++++++++- .../HTMLPurifierTextTypeExtension.php | 56 +++++++++ symfony.lock | 12 ++ .../Eccube/Tests/Web/EntryControllerTest.php | 18 +++ 7 files changed, 205 insertions(+), 2 deletions(-) create mode 100644 src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php diff --git a/app/config/eccube/bundles.php b/app/config/eccube/bundles.php index 6a3ba63f6f8..283e9d347e5 100644 --- a/app/config/eccube/bundles.php +++ b/app/config/eccube/bundles.php @@ -29,4 +29,5 @@ Symfony\Bundle\MakerBundle\MakerBundle::class => ['dev' => true], SunCat\MobileDetectBundle\MobileDetectBundle::class => ['all' => true], Knp\Bundle\PaginatorBundle\KnpPaginatorBundle::class => ['all' => true], + Exercise\HTMLPurifierBundle\ExerciseHTMLPurifierBundle::class => ['all' => true], ]; diff --git a/app/config/eccube/services.yaml b/app/config/eccube/services.yaml index 5c21353fe0f..cecd22a2769 100644 --- a/app/config/eccube/services.yaml +++ b/app/config/eccube/services.yaml @@ -201,3 +201,9 @@ services: - { name: mobile_detect.mobile_detector.default } - { name: mobile_detect.mobile_detector } public: true + + Eccube\Form\Extension\HTMLPurifierTextTypeExtension: + arguments: + - '@Eccube\Request\Context' + tags: + - { name: form.type_extension, priority: -99, extended_type: Symfony\Component\Form\Extension\Core\Type\TextType } diff --git a/composer.json b/composer.json index 22c4d9b4451..dea9adad5e9 100644 --- a/composer.json +++ b/composer.json 
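Review bot: The `priority: -99` on the form.type_extension tag in services.yaml is load-bearing but undocumented: configureOptions in this extension overrides `purify_html` with setDefault, so it has to run after whichever extension first declares that option (presumably the bundle's own TextType extension), and a maintainer who "normalises" the number will silently lose the front default. A comment on the tag line would pin that down, e.g. `# priority -99: run after the bundle's TextType extension so the front-only purify_html default wins`. The same comment is the right place to state that the default is only set when Context::isFront() is true, i.e. admin forms are intentionally left on the bundle's default.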
@@ -35,6 +35,7 @@ "easycorp/easy-log-handler": "^1.0", "ec-cube/plugin-installer": "^2.0", "egulias/email-validator": "^2.1", + "exercise/htmlpurifier-bundle": "^3.1", "friendsofphp/php-cs-fixer": "^2.16", "guzzlehttp/guzzle": "^6.3", "knplabs/knp-paginator-bundle": "^2.7", diff --git a/composer.lock b/composer.lock index 5ad0a772b8e..a6edff8d338 100644 --- a/composer.lock +++ b/composer.lock @@ -4,7 +4,7 @@ "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "ae13bcf64841b5eeb7d7950a4c2cc3d0", + "content-hash": "2df93f57397322d15cfbbb6256246a27", "packages": [ { "name": "composer/ca-bundle", 
@@ -2197,6 +2197,114 @@ ], "time": "2020-12-29T14:50:06+00:00" }, + { + "name": "exercise/htmlpurifier-bundle", + "version": "v3.1.0", + "source": { + "type": "git", + "url": "https://github.com/Exercise/HTMLPurifierBundle.git", + "reference": "32f4709006e810efd8a72466a8e9d0672df4bc24" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/Exercise/HTMLPurifierBundle/zipball/32f4709006e810efd8a72466a8e9d0672df4bc24", + "reference": "32f4709006e810efd8a72466a8e9d0672df4bc24", + "shasum": "" + }, + "require": { + "ezyang/htmlpurifier": "~4.0", + "php": "^7.1.3 || ^8.0.0", + "symfony/config": "~3.4 || ~4.0 || ^5.0", + "symfony/dependency-injection": "~3.4.1 || ^4.0.1 || ^5.0", + "symfony/http-kernel": "~3.4.1 || ^4.0.1 || ^5.0" + }, + "require-dev": { + "friendsofphp/php-cs-fixer": "^2.0", + "symfony/form": "~3.4.1 || ^4.0.1 || ^5.0", + "symfony/phpunit-bridge": "4.4.*", + "twig/twig": "^1.35.0 || ^2.4.4 || ^3.0" + }, + "type": "symfony-bundle", + "extra": { + "branch-alias": { + "dev-master": "3.0.x-dev" + } + }, + "autoload": { + "psr-4": { + "Exercise\\HTMLPurifierBundle\\": "src/" + } + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "MIT" + ], + "authors": [ + { + "name": "contributors", + "homepage": "https://github.com/Exercise/HTMLPurifierBundle/contributors" + } + ], + "description": "HTMLPurifier integration for your Symfony project", + "homepage": "https://github.com/Exercise/HTMLPurifierBundle", + "keywords": [ + "Purifier", + "html", + "htmlpurifier", + "symfony" + ], + "time": "2020-12-28T19:57:39+00:00" + }, + { + "name": "ezyang/htmlpurifier", + "version": "v4.13.0", + "source": { + "type": "git", + "url": "https://github.com/ezyang/htmlpurifier.git", + "reference": "08e27c97e4c6ed02f37c5b2b20488046c8d90d75" + }, + "dist": { + "type": "zip", + "url": "https://api.github.com/repos/ezyang/htmlpurifier/zipball/08e27c97e4c6ed02f37c5b2b20488046c8d90d75", + "reference": 
"08e27c97e4c6ed02f37c5b2b20488046c8d90d75", + "shasum": "" + }, + "require": { + "php": ">=5.2" + }, + "require-dev": { + "simpletest/simpletest": "dev-master#72de02a7b80c6bb8864ef9bf66d41d2f58f826bd" + }, + "type": "library", + "autoload": { + "psr-0": { + "HTMLPurifier": "library/" + }, + "files": [ + "library/HTMLPurifier.composer.php" + ], + "exclude-from-classmap": [ + "/library/HTMLPurifier/Language/" + ] + }, + "notification-url": "https://packagist.org/downloads/", + "license": [ + "LGPL-2.1-or-later" + ], + "authors": [ + { + "name": "Edward Z. Yang", + "email": "admin@htmlpurifier.org", + "homepage": "http://ezyang.com" + } + ], + "description": "Standards compliant HTML filter written in PHP", + "homepage": "http://htmlpurifier.org/", + "keywords": [ + "html" + ], + "time": "2020-06-29T00:56:53+00:00" + }, { "name": "friendsofphp/php-cs-fixer", "version": "v2.18.4", @@ -6426,6 +6534,7 @@ "type": "tidelift" } ], + "abandoned": "use `EnglishInflector` from the String component instead", "time": "2021-03-17T16:19:54+00:00" }, { @@ -12386,5 +12495,5 @@ "platform-overrides": { "php": "7.1.3" }, - "plugin-api-version": "2.0.0" + "plugin-api-version": "1.1.0" } diff --git a/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php b/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php new file mode 100644 index 00000000000..33dda097f8c --- /dev/null +++ b/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php @@ -0,0 +1,56 @@ +context = $context; + } + + public function configureOptions(OptionsResolver $resolver) + { + if ($this->context->isFront()) { + $resolver->setDefault('purify_html', true); + } + } + + /** + * @return string + */ + public function getExtendedType(): string + { + return TextType::class; + } + + /** + * @return iterable + */ + public static function getExtendedTypes(): iterable + { + yield TextType::class; + } +} diff --git a/symfony.lock b/symfony.lock index e32308e2d06..ecd2eebeabc 100644 --- a/symfony.lock 
+++ b/symfony.lock @@ -140,6 +140,18 @@ "egulias/email-validator": { "version": "1.2.14" }, + "exercise/htmlpurifier-bundle": { + "version": "3.0", + "recipe": { + "repo": "github.com/symfony/recipes-contrib", + "branch": "master", + "version": "3.0", + "ref": "4667fd2103dc4645d234591e1c85f727c6fe0d11" + } + }, + "ezyang/htmlpurifier": { + "version": "v4.13.0" + }, "friendsofphp/php-cs-fixer": { "version": "2.2", "recipe": { diff --git a/tests/Eccube/Tests/Web/EntryControllerTest.php b/tests/Eccube/Tests/Web/EntryControllerTest.php index 89a5e90fa48..1da29a30472 100644 --- a/tests/Eccube/Tests/Web/EntryControllerTest.php +++ b/tests/Eccube/Tests/Web/EntryControllerTest.php @@ -207,4 +207,22 @@ public function testActivateWithAbort() $this->actual = $this->client->getResponse()->getStatusCode(); $this->verify(); } + + public function testConfirmWithDangerousText() + { + $formData = $this->createFormData(); + $formData['address']['addr01'] = ''; + + $crawler = $this->client->request('POST', + $this->generateUrl('entry'), + [ + 'entry' => $formData, + 'mode' => 'confirm', + ] + ); + + self::assertEquals('新規会員登録', $crawler->filter('.ec-pageHeader > h1')->text()); + self::assertCount(1, $crawler->filter('.ec-errorMessage')); + self::assertTrue($this->client->getResponse()->isSuccessful()); + } } From 3c212eb772914edd03fc54c615f343b986a8a9da Mon Sep 17 00:00:00 2001 
From: kurozumi Date: Wed, 7 Jul 2021 23:07:46 +0900 Subject: [PATCH 2/8] =?UTF-8?q?&=E3=81=8C=E5=85=A5=E5=8A=9B=E3=81=95?= =?UTF-8?q?=E3=82=8C=E3=81=9F=E5=A0=B4=E5=90=88=E3=80=81&=E3=82=92?= =?UTF-8?q?=E5=85=A8=E8=A7=92=E3=81=AB=E5=A4=89=E6=8F=9B?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../EventListener/HTMLPurifierListener.php | 39 +++++++++++++++++++ .../HTMLPurifierTextTypeExtension.php | 11 ++++++ .../Eccube/Tests/Web/EntryControllerTest.php | 17 ++++++++ 3 files changed, 67 insertions(+) create mode 100644 src/Eccube/Form/EventListener/HTMLPurifierListener.php diff --git a/src/Eccube/Form/EventListener/HTMLPurifierListener.php b/src/Eccube/Form/EventListener/HTMLPurifierListener.php new file mode 100644 index 00000000000..d5e7cea30b1 --- /dev/null +++ b/src/Eccube/Form/EventListener/HTMLPurifierListener.php @@ -0,0 +1,39 @@ + ['purifySubmittedData', /* as soon as possible */ 1000001], + ]; + } + + public function purifySubmittedData(FormEvent $event): void + { + if ('&' === $event->getData()) { + $event->setData(mb_convert_kana($event->getData(), 'A')); + } + } +} diff --git a/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php b/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php index 33dda097f8c..d6cad09c8a7 100644 --- a/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php +++ b/src/Eccube/Form/Extension/HTMLPurifierTextTypeExtension.php @@ -14,9 +14,11 @@ namespace Eccube\Form\Extension; +use Eccube\Form\EventListener\HTMLPurifierListener; use Eccube\Request\Context; use Symfony\Component\Form\AbstractTypeExtension; use Symfony\Component\Form\Extension\Core\Type\TextType; +use Symfony\Component\Form\FormBuilderInterface; use Symfony\Component\OptionsResolver\OptionsResolver; class HTMLPurifierTextTypeExtension extends AbstractTypeExtension 
@@ -53,4 +55,13 @@ public static function getExtendedTypes(): iterable
 {
 yield TextType::class;
 }
+
+ public function buildForm(FormBuilderInterface $builder, array $options)
+ {
+ if ($options['purify_html']) {
+ $builder->addEventSubscriber(
+ new HTMLPurifierListener()
+ );
+ }
+ }
 }
diff --git a/tests/Eccube/Tests/Web/EntryControllerTest.php b/tests/Eccube/Tests/Web/EntryControllerTest.php
index 1da29a30472..4da88f7391b 100644
--- a/tests/Eccube/Tests/Web/EntryControllerTest.php
+++ b/tests/Eccube/Tests/Web/EntryControllerTest.php
@@ -225,4 +225,21 @@ public function testConfirmWithDangerousText()
 self::assertCount(1, $crawler->filter('.ec-errorMessage'));
 self::assertTrue($this->client->getResponse()->isSuccessful());
 }
+
+ public function testConfirmWithAmpersand()
+ {
+ $formData = $this->createFormData();
+ $formData['company_name'] = '&';
+
+ $crawler = $this->client->request('POST',
+ $this->generateUrl('entry'),
+ [
+ 'entry' => $formData,
+ 'mode' => 'confirm',
+ ]
+ );
+
+ self::assertEquals('新規会員登録(確認)', $crawler->filter('.ec-pageHeader > h1')->text());
+ self::assertEquals('&', $crawler->filter('#entry_company_name')->attr('value'));
+ }
 }
From f1e8d0a3a3ec3271ccaf62fba22616e56b8f9364 Mon Sep 17 00:00:00 2001
From: kurozumi
Date: Thu, 8 Jul 2021 10:57:07 +0900
Subject: [PATCH 3/8] =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 tests/Eccube/Tests/Web/ContactControllerTest.php | 4 ++--
 tests/Eccube/Tests/Web/EntryControllerTest.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/Eccube/Tests/Web/ContactControllerTest.php b/tests/Eccube/Tests/Web/ContactControllerTest.php
index fc07745b682..2b6b0411d9f 100644
--- a/tests/Eccube/Tests/Web/ContactControllerTest.php
+++ b/tests/Eccube/Tests/Web/ContactControllerTest.php
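Review bot: buildForm attaches the subscriber to every front field whose type chain reaches TextType, and in Symfony that chain also includes PasswordType, EmailType, UrlType, SearchType and TextareaType, so a password entered at registration that contains `&`, `<` or `>` is rewritten before it is (presumably) hashed, while a later login through a path that does not pass through this extension would send the original bytes; email local parts containing `&` are altered the same way. Exclude at least the secret-bearing type, e.g. `if ($options['purify_html'] && !$builder->getType()->getInnerType() instanceof PasswordType) {`, and state in a docblock on the method which field types are intentionally covered. The lookup also assumes `purify_html` was declared by another extension; `$options['purify_html'] ?? false` keeps buildForm safe if that declaration is ever absent. The enclosing class starts before this hunk.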
@@ -125,12 +125,12 @@ public function testCompleteWithSanitize()
 $this->actual = $Message->getSubject();
 $this->verify();
- $this->assertContains('<Sanitize&>', $Message->getBody(), 'テキストメールがサニタイズされている');
+ $this->assertNotContains('', $Message->getBody(), 'テキストメールがサニタイズされている');
 $MultiPart = $Message->getChildren();
 foreach ($MultiPart as $Part) {
 if ($Part->getContentType() == 'text/html') {
- $this->assertContains('<Sanitize&>', $Part->getBody(), 'HTMLメールがサニタイズされている');
+ $this->assertNotContains('', $Part->getBody(), 'HTMLメールがサニタイズされている');
 }
 }
 }
diff --git a/tests/Eccube/Tests/Web/EntryControllerTest.php b/tests/Eccube/Tests/Web/EntryControllerTest.php
index 9c36a504d68..7efceb7d77d 100644
--- a/tests/Eccube/Tests/Web/EntryControllerTest.php
+++ b/tests/Eccube/Tests/Web/EntryControllerTest.php
@@ -190,12 +190,12 @@ public function testCompleteWithActivateWithMultipartSanitize()
 $this->actual = $Message->getSubject();
 $this->verify();
- $this->assertContains('<Sanitize&>', $Message->getBody(), 'テキストメールがサニタイズされている');
+ $this->assertNotContains('', $Message->getBody(), 'テキストメールがサニタイズされている');
 $MultiPart = $Message->getChildren();
 foreach ($MultiPart as $Part) {
 if ($Part->getContentType() == 'text/html') {
- $this->assertContains('<Sanitize&>', $Part->getBody(), 'HTMLメールがサニタイズされている');
+ $this->assertNotContains('', $Part->getBody(), 'HTMLメールがサニタイズされている');
 }
 }
 }
From 2ed453103d9e9a2e5980989a25abcf0c1497c28c Mon Sep 17 00:00:00 2001
From: kurozumi
Date: Thu, 8 Jul 2021 21:56:18 +0900
Subject: [PATCH 4/8] =?UTF-8?q?<>&=E3=82=92=E5=85=A8=E8=A7=92=E5=A4=89?=
 =?UTF-8?q?=E6=8F=9B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 composer.json | 13 +++++-
 .../EventListener/HTMLPurifierListener.php | 4 +-
 .../Tests/Web/Admin/Product/categories.csv | 7 ++++
 .../Tests/Web/Admin/Product/products.csv | 42 +++++++++++++++++++
 4 files changed, 62 insertions(+), 4 deletions(-)
 create mode 100644 tests/Eccube/Tests/Web/Admin/Product/categories.csv
 create mode 100644 tests/Eccube/Tests/Web/Admin/Product/products.csv
diff --git a/composer.json b/composer.json
index dea9adad5e9..3cb2a42ada3 100644
--- a/composer.json
+++ b/composer.json
@@ -186,12 +186,23 @@
 },
 "config": {
 "platform": {
- "php": "7.1.3"
+ "php": "7.4.20"
 },
 "preferred-install": {
 "*": "dist"
 },
 "optimize-autoloader": true,
 "sort-packages": true
+ },
+ "repositories": {
+ "eccube": {
+ "type": "composer",
+ "url": "https://package-api-41beta.ec-cube.net",
+ "options": {
+ "http": {
+ "header": ["X-ECCUBE-KEY: abcxyzABCXYZ123098"]
+ }
+ }
+ }
 }
 }
diff --git a/src/Eccube/Form/EventListener/HTMLPurifierListener.php b/src/Eccube/Form/EventListener/HTMLPurifierListener.php
index d5e7cea30b1..9d6a5bfede3 100644
--- a/src/Eccube/Form/EventListener/HTMLPurifierListener.php
+++ b/src/Eccube/Form/EventListener/HTMLPurifierListener.php
@@ -32,8 +32,6 @@ public static function getSubscribedEvents(): array
 public function purifySubmittedData(FormEvent $event): void
 {
- if ('&' === $event->getData()) {
- $event->setData(mb_convert_kana($event->getData(), 'A'));
- }
+ $event->setData(str_replace(['<', '>', '&'], ['<', '>', '&'], $event->getData()));
 }
 }
diff --git a/tests/Eccube/Tests/Web/Admin/Product/categories.csv b/tests/Eccube/Tests/Web/Admin/Product/categories.csv
new file mode 100644
index 00000000000..f61ebbd3b12
--- /dev/null
+++ b/tests/Eccube/Tests/Web/Admin/Product/categories.csv
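Review bot: The `repositories.eccube` block writes an `X-ECCUBE-KEY` header value straight into composer.json, and together with the platform bump to 7.4.20 it reads as local development state rather than part of the sanitizer change. Patch 5/8 reverts both, but the value remains in the series' history, so the cleaner fix is to squash the two commits away and keep such headers in `auth.json` or `COMPOSER_AUTH` outside version control. If that string was ever a live key rather than a placeholder, treat it as exposed and rotate it.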
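Review bot: As rendered here the replacement array in purifySubmittedData is identical to the search array, so the str_replace reads as a no-op; presumably the targets are the full-width forms U+FF1C/U+FF1E/U+FF06 and the page's text normalisation flattened them, which is exactly why spelling them as `"\u{FF1C}"` escapes is preferable — the intent then survives editors, normalisation and review. The data is also used unguarded: PRE_SUBMIT data is null when the field is absent from the request, and str_replace turns null into `''` (a deprecation in PHP 8.1), while an array is mapped element-wise instead of being left for the form layer to reject. Note that this is lossy input rewriting rather than output encoding — what the customer typed no longer round-trips (`R&D` comes back changed) — so the Twig/mail escaping that patch 8/8's tests exercise remains the control to rely on and the method docblock should say so. The enclosing class starts before this hunk.
```php
    public function purifySubmittedData(FormEvent $event): void
    {
        $data = $event->getData();
        // Only strings are rewritten; null (field absent) and arrays are left for the form layer to handle.
        if (!is_string($data)) {
            return;
        }
        // Full-width U+FF1C / U+FF1E / U+FF06 spelled as escapes so the intent survives editors and Unicode normalisation.
        $event->setData(str_replace(['<', '>', '&'], ["\u{FF1C}", "\u{FF1E}", "\u{FF06}"], $data));
    }
```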
@@ -0,0 +1,7 @@ +JeSID,JeS,eJeSID,JeS폜tO +2,CeA,, +1,Lb`c[,, +4,,1, +3,H,1,0 +5,tH[N,3, +6,V,,0 diff --git a/tests/Eccube/Tests/Web/Admin/Product/products.csv b/tests/Eccube/Tests/Web/Admin/Product/products.csv new file mode 100644 index 00000000000..612bdb523bb --- /dev/null +++ b/tests/Eccube/Tests/Web/Admin/Product/products.csv 
@@ -0,0 +1,42 @@ +iID,JXe[^X(ID),i,Vbvp,i(ꗗ),i(ڍ),[h,t[GA,i폜tO,i摜,iJeS(ID),^O(ID),̔(ID),Ki1(ID),Ki2(ID),ڈ(ID),iR[h,݌ɐ,݌ɐtO,̔,ʏ퉿i,̔i, +,1,aut,,Assumenda qui vero et enim magni temporibus voluptas. Accusantium excepturi non ab neque tempora reprehenderit. Nobis non soluta ipsa dolorem ipsa blanditiis quae.,Quis dolorum doloremque recusandae enim laborum. Consequuntur aut ex doloribus. Tempore id est qui in.,,,0,"dolore.jpg,quo.jpg,omnis.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,51791, +,1,eligendi,,Consequatur voluptas magnam enim expedita. Perspiciatis ut optio sit et debitis. Incidunt placeat repudiandae aspernatur qui nam minus. Sed ex itaque quia et adipisci dolorum.,Reiciendis qui quam quidem possimus amet a quas. Ut sequi ducimus officia. Dolores molestias aut dolores ipsam sapiente sit accusamus non. Nisi hic dicta similique ut animi quibusdam vero.,,,0,"officia.jpg,blanditiis.jpg,aliquam.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,82896, +,1,fugit,,Corrupti iusto sed possimus corporis ut porro minus voluptatem. Iure aut ipsum repellat iste ab.,Quos pariatur repellat iusto non qui ut nam. Soluta iusto ut aut impedit temporibus. Nihil debitis accusantium illo laborum culpa amet. Quibusdam necessitatibus laboriosam vitae odio in sit.,,,0,"magni.jpg,tempore.jpg,debitis.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,19857, +,1,voluptatem,,Sapiente a reiciendis consequatur. Et eaque hic eius ducimus et in. Sed voluptatum fugit vero recusandae. Perferendis sunt reprehenderit sapiente recusandae.,Ratione laboriosam ducimus deleniti et. Dolores ut quos eos aperiam. Reprehenderit officiis facilis itaque. Dolorum enim maiores facilis dolor eligendi nihil optio.,,,0,"velit.jpg,id.jpg,cumque.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,21521, +,1,harum,,Cum rerum laudantium unde laboriosam sit ipsam voluptatem commodi. Deleniti iure accusamus laboriosam ut qui eum. Quae assumenda dolor beatae ut quibusdam laudantium. Sed amet consequuntur in a.,Molestiae odio fugit dolore sit. 
Ipsa ut aliquid labore et iure est quam dignissimos.,,,0,"aut.jpg,commodi.jpg,vero.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,39925, +,1,aut,,Est quibusdam aut ut sunt. Deleniti ex est impedit ullam ea veniam. Asperiores ducimus dignissimos similique aliquid dicta laboriosam.,Aperiam non culpa illo sit assumenda magni porro. Consequatur optio ea iure iure sed similique. Et deserunt inventore fugit eum laboriosam odit. Debitis itaque et facere minima provident.,,,0,"quo.jpg,quidem.jpg,eum.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,13979, +,1,soluta,,Voluptatem odit quis nisi repellat cumque dolore. Et et natus et inventore.,Et et hic id cumque. Quia nulla tempore quo voluptas porro. Iste dolorem cum maxime sunt iure velit. Aut et excepturi ut placeat corrupti odio ad.,,,0,"et.jpg,repudiandae.jpg,aliquam.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,97903, +,1,illum,,Quia quis et at nobis quia. Qui qui dolorem rem voluptatum sit. Voluptatem eaque mollitia tempora maiores consequatur hic omnis. Explicabo quo fuga natus aut ad et enim enim. Nihil aut non quia labore officia omnis.,Quo id minima sit voluptatum aut officia ea. Amet distinctio beatae aperiam alias rem. Hic eum non voluptates. Eligendi facilis sed illo consequuntur explicabo.,,,0,"fugiat.jpg,omnis.jpg,nisi.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,31766, +,1,quis,,Iure rerum laboriosam et porro modi. Minus ad perferendis non quae. Quibusdam dolorem unde magni impedit eum id facere. Doloribus sunt aut libero soluta possimus.,Excepturi veniam illo rerum eum. Debitis autem ratione quisquam dignissimos ullam illo. At voluptatibus autem reiciendis officia neque magni. Sapiente dolores aliquam sed excepturi in.,,,0,"qui.jpg,exercitationem.jpg,nulla.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,26668, +,1,debitis,,Accusamus quos eum eum sed. Commodi ut aut amet repudiandae. Illo repudiandae exercitationem non aut consequuntur est natus.,Vel aut accusamus quae et et non ipsam. Omnis voluptas vitae saepe velit voluptates. 
Consequatur vitae qui est enim porro et. Est rerum molestias quis quod.,,,0,"qui.jpg,commodi.jpg,ut.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,16082, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,6,,fork-01-new,,1,,115000,110000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,5,,fork-02-new,,1,,95000,93000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,4,,fork-03-new,,1,,75000,74000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,6,,fork-04,,1,,95000,93000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,5,,fork-05,,1,,50000,49000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,4,,fork-06,,1,,35000,34500, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,6,,fork-07,,1,,,18000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,5,,fork-08,,1,,,13000, +1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B +Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B +ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,4,,fork-09,,1,,,5000, +2,1,p[R[^[,,," +p[R[^[̓R[q[̕ZbgĒ΂ɂĒołB +AEghAłꂽẴR[q[y݂܂B +܂A̍q‚łB",,,0,"cafe-1.jpg,cafe-2.jpg,cafe-3.jpg","1,4,6","1",1,,,,cafe-01,100,0,5,3000,2800, From b8b84b029036bf9b86cbe823ea41f637275d0dfb Mon Sep 17 00:00:00 2001 
From: kurozumi Date: Fri, 9 Jul 2021 09:40:17 +0900 Subject: [PATCH 5/8] =?UTF-8?q?composer.json=E4=BF=AE=E6=AD=A3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- composer.json | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) diff --git a/composer.json b/composer.json index 3cb2a42ada3..dea9adad5e9 100644 --- a/composer.json +++ b/composer.json @@ -186,23 +186,12 @@ }, "config": { "platform": { - "php": "7.4.20" + "php": "7.1.3" }, "preferred-install": { "*": "dist" }, "optimize-autoloader": true, "sort-packages": true - }, - "repositories": { - "eccube": { - "type": "composer", - "url": "https://package-api-41beta.ec-cube.net", - "options": { - "http": { - "header": ["X-ECCUBE-KEY: abcxyzABCXYZ123098"] - } - } - } } } From 3b770bc7efd674ab7299b0c5cbff8e0b1e60d9e9 Mon Sep 17 00:00:00 2001 From: kurozumi Date: Fri, 9 Jul 2021 09:47:58 +0900 Subject: [PATCH 6/8] =?UTF-8?q?=E4=B8=8D=E8=A6=81=E3=81=AA=E3=83=95?= =?UTF-8?q?=E3=82=A1=E3=82=A4=E3=83=AB=E5=89=8A=E9=99=A4?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Tests/Web/Admin/Product/categories.csv | 7 ---- .../Tests/Web/Admin/Product/products.csv | 42 ------------------- 2 files changed, 49 deletions(-) delete mode 100644 tests/Eccube/Tests/Web/Admin/Product/categories.csv delete mode 100644 tests/Eccube/Tests/Web/Admin/Product/products.csv diff --git a/tests/Eccube/Tests/Web/Admin/Product/categories.csv b/tests/Eccube/Tests/Web/Admin/Product/categories.csv deleted file mode 100644 index f61ebbd3b12..00000000000 --- a/tests/Eccube/Tests/Web/Admin/Product/categories.csv +++ /dev/null @@ -1,7 +0,0 @@ -JeSID,JeS,eJeSID,JeS폜tO -2,CeA,, -1,Lb`c[,, -4,,1, -3,H,1,0 -5,tH[N,3, -6,V,,0 diff --git a/tests/Eccube/Tests/Web/Admin/Product/products.csv b/tests/Eccube/Tests/Web/Admin/Product/products.csv deleted file mode 100644 index 612bdb523bb..00000000000 
--- a/tests/Eccube/Tests/Web/Admin/Product/products.csv +++ /dev/null 
@@ -1,42 +0,0 @@ -iID,JXe[^X(ID),i,Vbvp,i(ꗗ),i(ڍ),[h,t[GA,i폜tO,i摜,iJeS(ID),^O(ID),̔(ID),Ki1(ID),Ki2(ID),ڈ(ID),iR[h,݌ɐ,݌ɐtO,̔,ʏ퉿i,̔i, -,1,aut,,Assumenda qui vero et enim magni temporibus voluptas. Accusantium excepturi non ab neque tempora reprehenderit. Nobis non soluta ipsa dolorem ipsa blanditiis quae.,Quis dolorum doloremque recusandae enim laborum. Consequuntur aut ex doloribus. Tempore id est qui in.,,,0,"dolore.jpg,quo.jpg,omnis.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,51791, -,1,eligendi,,Consequatur voluptas magnam enim expedita. Perspiciatis ut optio sit et debitis. Incidunt placeat repudiandae aspernatur qui nam minus. Sed ex itaque quia et adipisci dolorum.,Reiciendis qui quam quidem possimus amet a quas. Ut sequi ducimus officia. Dolores molestias aut dolores ipsam sapiente sit accusamus non. Nisi hic dicta similique ut animi quibusdam vero.,,,0,"officia.jpg,blanditiis.jpg,aliquam.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,82896, -,1,fugit,,Corrupti iusto sed possimus corporis ut porro minus voluptatem. Iure aut ipsum repellat iste ab.,Quos pariatur repellat iusto non qui ut nam. Soluta iusto ut aut impedit temporibus. Nihil debitis accusantium illo laborum culpa amet. Quibusdam necessitatibus laboriosam vitae odio in sit.,,,0,"magni.jpg,tempore.jpg,debitis.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,19857, -,1,voluptatem,,Sapiente a reiciendis consequatur. Et eaque hic eius ducimus et in. Sed voluptatum fugit vero recusandae. Perferendis sunt reprehenderit sapiente recusandae.,Ratione laboriosam ducimus deleniti et. Dolores ut quos eos aperiam. Reprehenderit officiis facilis itaque. Dolorum enim maiores facilis dolor eligendi nihil optio.,,,0,"velit.jpg,id.jpg,cumque.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,21521, -,1,harum,,Cum rerum laudantium unde laboriosam sit ipsam voluptatem commodi. Deleniti iure accusamus laboriosam ut qui eum. Quae assumenda dolor beatae ut quibusdam laudantium. Sed amet consequuntur in a.,Molestiae odio fugit dolore sit. 
Ipsa ut aliquid labore et iure est quam dignissimos.,,,0,"aut.jpg,commodi.jpg,vero.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,39925, -,1,aut,,Est quibusdam aut ut sunt. Deleniti ex est impedit ullam ea veniam. Asperiores ducimus dignissimos similique aliquid dicta laboriosam.,Aperiam non culpa illo sit assumenda magni porro. Consequatur optio ea iure iure sed similique. Et deserunt inventore fugit eum laboriosam odit. Debitis itaque et facere minima provident.,,,0,"quo.jpg,quidem.jpg,eum.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,13979, -,1,soluta,,Voluptatem odit quis nisi repellat cumque dolore. Et et natus et inventore.,Et et hic id cumque. Quia nulla tempore quo voluptas porro. Iste dolorem cum maxime sunt iure velit. Aut et excepturi ut placeat corrupti odio ad.,,,0,"et.jpg,repudiandae.jpg,aliquam.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,97903, -,1,illum,,Quia quis et at nobis quia. Qui qui dolorem rem voluptatum sit. Voluptatem eaque mollitia tempora maiores consequatur hic omnis. Explicabo quo fuga natus aut ad et enim enim. Nihil aut non quia labore officia omnis.,Quo id minima sit voluptatum aut officia ea. Amet distinctio beatae aperiam alias rem. Hic eum non voluptates. Eligendi facilis sed illo consequuntur explicabo.,,,0,"fugiat.jpg,omnis.jpg,nisi.jpg","1,2,3,4,5,6",2,1,,,,,10,0,,,31766, -,1,quis,,Iure rerum laboriosam et porro modi. Minus ad perferendis non quae. Quibusdam dolorem unde magni impedit eum id facere. Doloribus sunt aut libero soluta possimus.,Excepturi veniam illo rerum eum. Debitis autem ratione quisquam dignissimos ullam illo. At voluptatibus autem reiciendis officia neque magni. Sapiente dolores aliquam sed excepturi in.,,,0,"qui.jpg,exercitationem.jpg,nulla.jpg","1,2,3,4,5,6","1,2",1,,,,,10,0,,,26668, -,1,debitis,,Accusamus quos eum eum sed. Commodi ut aut amet repudiandae. Illo repudiandae exercitationem non aut consequuntur est natus.,Vel aut accusamus quae et et non ipsam. Omnis voluptas vitae saepe velit voluptates. 
Consequatur vitae qui est enim porro et. Est rerum molestias quis quod.,,,0,"qui.jpg,commodi.jpg,ut.jpg","1,2,3,4,5,6",1,1,,,,,10,0,,,16082, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,6,,fork-01-new,,1,,115000,110000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,5,,fork-02-new,,1,,95000,93000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,3,4,,fork-03-new,,1,,75000,74000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,6,,fork-04,,1,,95000,93000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,5,,fork-05,,1,,50000,49000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,2,4,,fork-06,,1,,35000,34500, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,6,,fork-07,,1,,,18000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,5,,fork-08,,1,,,13000, -1,1,fBi[tH[N,,,"ZbgőfBi[p̃Jg[B -Ԃ̋␻́AVo[L̔PƏ_炩ȋȐłBKxȏd݂Ɠ{l̎ɍ₷TCYŒp܂B -ōv`itH[ŃA蕨ƂĂlCłB",,,0,"fork-1.jpg,fork-2.jpg,fork-3.jpg","5,6","1,2",1,1,4,,fork-09,,1,,,5000, -2,1,p[R[^[,,," -p[R[^[̓R[q[̕ZbgĒ΂ɂĒołB -AEghAłꂽẴR[q[y݂܂B -܂A̍q‚łB",,,0,"cafe-1.jpg,cafe-2.jpg,cafe-3.jpg","1,4,6","1",1,,,,cafe-01,100,0,5,3000,2800, From facc0fc2d8f22b9dd5c9f74d8f0478da2f3d0481 Mon Sep 17 00:00:00 2001 
From: kurozumi
Date: Fri, 9 Jul 2021 09:54:36 +0900
Subject: [PATCH 7/8] =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88=E4=BF=AE?=
 =?UTF-8?q?=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 tests/Eccube/Tests/Web/EntryControllerTest.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/tests/Eccube/Tests/Web/EntryControllerTest.php b/tests/Eccube/Tests/Web/EntryControllerTest.php
index 7efceb7d77d..dafb44955eb 100644
--- a/tests/Eccube/Tests/Web/EntryControllerTest.php
+++ b/tests/Eccube/Tests/Web/EntryControllerTest.php
@@ -279,7 +279,7 @@ public function testActivateWithAbort()
 public function testConfirmWithDangerousText()
 {
 $formData = $this->createFormData();
- $formData['address']['addr01'] = '';
+ $formData['company_name'] = '';
 $crawler = $this->client->request('POST',
 $this->generateUrl('entry'),
@@ -289,9 +289,8 @@ public function testConfirmWithDangerousText()
 ]
 );
- self::assertEquals('新規会員登録', $crawler->filter('.ec-pageHeader > h1')->text());
- self::assertCount(1, $crawler->filter('.ec-errorMessage'));
- self::assertTrue($this->client->getResponse()->isSuccessful());
+ self::assertEquals('新規会員登録(確認)', $crawler->filter('.ec-pageHeader > h1')->text());
+ self::assertEquals('<script>alert()</script>', $crawler->filter('#entry_company_name')->attr('value'));
 }
 public function testConfirmWithAmpersand()
From 3e76c77b24fb578cc8c43b30bf13acb1caa6ed7a Mon Sep 17 00:00:00 2001
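Review bot: The new assertion on `#entry_company_name` only shows that the converted value is echoed back, and because Crawler::attr() returns the entity-decoded attribute it cannot by itself distinguish "converted on input" from "escaped on output"; as rendered here the expected string is even indistinguishable from the submitted input, presumably because the actual source uses the full-width characters. A negative check on the raw body pins the property the test is really after, that no literal tag reaches the page: `self::assertStringNotContainsString('<script>', $this->client->getResponse()->getContent());` (assertNotContains on older PHPUnit). The removed isSuccessful() assertion is also worth keeping, since filter()->text() on an error page fails with a far less readable message.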
From: kurozumi
Date: Fri, 9 Jul 2021 10:33:51 +0900
Subject: [PATCH 8/8] =?UTF-8?q?<>=E3=82=92=E5=85=A8=E8=A7=92=E5=A4=89?=
 =?UTF-8?q?=E6=8F=9B=E5=AF=BE=E8=B1=A1=E3=81=AB=E3=81=97=E3=81=9F=E3=81=AE?=
 =?UTF-8?q?=E3=81=A7=E3=83=86=E3=82=B9=E3=83=88=E8=A6=8B=E7=9B=B4=E3=81=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 tests/Eccube/Tests/Web/ContactControllerTest.php | 4 ++--
 tests/Eccube/Tests/Web/EntryControllerTest.php | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/tests/Eccube/Tests/Web/ContactControllerTest.php b/tests/Eccube/Tests/Web/ContactControllerTest.php
index 2b6b0411d9f..6b8f3554ca5 100644
--- a/tests/Eccube/Tests/Web/ContactControllerTest.php
+++ b/tests/Eccube/Tests/Web/ContactControllerTest.php
@@ -125,12 +125,12 @@ public function testCompleteWithSanitize()
 $this->actual = $Message->getSubject();
 $this->verify();
- $this->assertNotContains('', $Message->getBody(), 'テキストメールがサニタイズされている');
+ $this->assertContains('<Sanitize&>', $Message->getBody(), 'テキストメールがサニタイズされている');
 $MultiPart = $Message->getChildren();
 foreach ($MultiPart as $Part) {
 if ($Part->getContentType() == 'text/html') {
- $this->assertNotContains('', $Part->getBody(), 'HTMLメールがサニタイズされている');
+ $this->assertContains('<Sanitize&>', $Part->getBody(), 'HTMLメールがサニタイズされている');
 }
 }
 }
diff --git a/tests/Eccube/Tests/Web/EntryControllerTest.php b/tests/Eccube/Tests/Web/EntryControllerTest.php
index dafb44955eb..d3fed8295bf 100644
--- a/tests/Eccube/Tests/Web/EntryControllerTest.php
+++ b/tests/Eccube/Tests/Web/EntryControllerTest.php
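Review bot: `assertContains` with a string haystack is deprecated in PHPUnit 8 and removed in 9, so if the project is on or moving to those versions the two assertions here and the two in the EntryControllerTest hunk that follows should become `assertStringContainsString`. The positive check only proves the converted marker is present in the mail body; a second, negative assertion with the unconverted ASCII `<Sanitize&>` marker (identical in appearance to the expected value as rendered on this page, which is itself a readability hazard worth a short comment in the test) would additionally pin that the raw text never reaches either the text or the HTML part, which is the property the patch subject describes. The enclosing test method starts before this hunk.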
@@ -190,12 +190,12 @@ public function testCompleteWithActivateWithMultipartSanitize()
 $this->actual = $Message->getSubject();
 $this->verify();
- $this->assertNotContains('', $Message->getBody(), 'テキストメールがサニタイズされている');
+ $this->assertContains('<Sanitize&>', $Message->getBody(), 'テキストメールがサニタイズされている');
 $MultiPart = $Message->getChildren();
 foreach ($MultiPart as $Part) {
 if ($Part->getContentType() == 'text/html') {
- $this->assertNotContains('', $Part->getBody(), 'HTMLメールがサニタイズされている');
+ $this->assertContains('<Sanitize&>', $Part->getBody(), 'HTMLメールがサニタイズされている');
 }
 }
 }