提交
13fc05ef
编写于
5月 18, 2017
作者:
root
优化xss攻击字符过滤部分代码
上级
11ecc08b
变更
33
Showing
33 changed file
with
88 addition
and
157 deletion
+88
-157
app/appfront/modules/Catalog/controllers/ReviewproductController.php
...t/modules/Catalog/controllers/ReviewproductController.php
+3
-7
app/appfront/modules/Catalogsearch/block/index/Index.php
app/appfront/modules/Catalogsearch/block/index/Index.php
+1
-1
app/appfront/modules/Checkout/block/onepage/Index.php
app/appfront/modules/Checkout/block/onepage/Index.php
+5
-5
app/appfront/modules/Checkout/block/onepage/Placeorder.php
app/appfront/modules/Checkout/block/onepage/Placeorder.php
+4
-19
app/appfront/modules/Checkout/controllers/CartController.php
app/appfront/modules/Checkout/controllers/CartController.php
+4
-4
app/appfront/modules/Customer/block/address/Edit.php
app/appfront/modules/Customer/block/address/Edit.php
+1
-3
app/appfront/modules/Customer/block/contacts/Index.php
app/appfront/modules/Customer/block/contacts/Index.php
+3
-7
app/appfront/modules/Customer/block/editaccount/Index.php
app/appfront/modules/Customer/block/editaccount/Index.php
+5
-7
app/appfront/modules/Customer/block/newsletter/Index.php
app/appfront/modules/Customer/block/newsletter/Index.php
+2
-2
app/appfront/modules/Customer/controllers/AccountController.php
...pfront/modules/Customer/controllers/AccountController.php
+2
-4
app/appfront/modules/Payment/block/paypal/express/Placeorder.php
...front/modules/Payment/block/paypal/express/Placeorder.php
+1
-10
app/appfront/modules/Payment/block/paypal/express/Review.php
app/appfront/modules/Payment/block/paypal/express/Review.php
+1
-1
app/appfront/theme/base/front/catalog/category/index/filter/refineby.php
...eme/base/front/catalog/category/index/filter/refineby.php
+2
-2
app/appfront/theme/base/front/site/helper/error.php
app/appfront/theme/base/front/site/helper/error.php
+3
-3
app/appfront/theme/base/front/widgets/topsearch.php
app/appfront/theme/base/front/widgets/topsearch.php
+2
-2
app/apphtml5/modules/Catalog/controllers/ReviewproductController.php
...5/modules/Catalog/controllers/ReviewproductController.php
+1
-7
app/apphtml5/modules/Catalogsearch/block/index/Index.php
app/apphtml5/modules/Catalogsearch/block/index/Index.php
+1
-1
app/apphtml5/modules/Checkout/block/onepage/Index.php
app/apphtml5/modules/Checkout/block/onepage/Index.php
+5
-5
app/apphtml5/modules/Checkout/block/onepage/Placeorder.php
app/apphtml5/modules/Checkout/block/onepage/Placeorder.php
+3
-17
app/apphtml5/modules/Checkout/controllers/CartController.php
app/apphtml5/modules/Checkout/controllers/CartController.php
+4
-4
app/apphtml5/modules/Customer/block/address/Edit.php
app/apphtml5/modules/Customer/block/address/Edit.php
+1
-3
app/apphtml5/modules/Customer/block/contacts/Index.php
app/apphtml5/modules/Customer/block/contacts/Index.php
+3
-5
app/apphtml5/modules/Customer/block/editaccount/Index.php
app/apphtml5/modules/Customer/block/editaccount/Index.php
+2
-4
app/apphtml5/modules/Customer/block/newsletter/Index.php
app/apphtml5/modules/Customer/block/newsletter/Index.php
+2
-2
app/apphtml5/modules/Customer/controllers/AccountController.php
...phtml5/modules/Customer/controllers/AccountController.php
+1
-5
app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
...html5/modules/Payment/block/paypal/express/Placeorder.php
+1
-9
app/apphtml5/modules/Payment/block/paypal/express/Review.php
app/apphtml5/modules/Payment/block/paypal/express/Review.php
+1
-1
app/apphtml5/modules/Payment/controllers/paypal/StandardController.php
...modules/Payment/controllers/paypal/StandardController.php
+10
-3
app/apphtml5/theme/base/html5/catalog/category/index/filter/refineby.php
...eme/base/html5/catalog/category/index/filter/refineby.php
+2
-2
app/apphtml5/theme/base/html5/site/helper/error.php
app/apphtml5/theme/base/html5/site/helper/error.php
+3
-3
app/apphtml5/theme/base/html5/widgets/topsearch.php
app/apphtml5/theme/base/html5/widgets/topsearch.php
+2
-2
services/email/views/customer/account/login/body_en.php
services/email/views/customer/account/login/body_en.php
+4
-4
services/payment/Paypal.php
services/payment/Paypal.php
+3
-3
app/appfront/modules/Catalog/controllers/ReviewproductController.php
...
...
@@ -35,18 +35,14 @@ class ReviewproductController extends AppfrontController
}
$editForm
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
!
empty
(
$editForm
)
&&
is_array
(
$editForm
)
){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
if
(
!
empty
(
$editForm
)
&&
is_array
(
$editForm
)
){
$saveStatus
=
$this
->
getBlock
()
->
saveReview
(
$editForm
);
if
(
$saveStatus
){
$spu
=
Yii
::
$app
->
request
->
get
(
'spu'
);
$_id
=
Yii
::
$app
->
request
->
get
(
'_id'
);
$spu
=
\
yii\helpers\Html
::
e
ncode
(
$spu
);
$_id
=
\
yii\helpers\Html
::
e
ncode
(
$_id
);
$spu
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$spu
);
$_id
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$_id
);
if
(
$spu
&&
$_id
){
$url
=
Yii
::
$service
->
url
->
getUrl
(
'catalog/reviewproduct/lists'
,[
'spu'
=>
$spu
,
'_id'
=>
$_id
]);
$this
->
redirect
(
$url
);
...
...
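Review bot: The encoding lines `$editForm = \Yii::$service->helper->htmlEncode($editForm);` and the `$spu`/`$_id` pair apply an output-context transform at the input boundary, so whatever `saveReview` persists is stored entity-encoded, and any view that encodes again on output renders `&amp;amp;`-style artifacts for a legitimate `&` or `'` in review text. A more robust split is to validate shape at input (`spu` and `_id` can be checked against the identifier format the catalog uses; free text only length-checked) and encode once at the point of rendering. The same input-encoding pattern recurs in the Customer address/Edit, contacts and editaccount blocks, AccountController, both Placeorder blocks and their apphtml5 twins, so this comment applies there as well. Whether `htmlEncode` recurses into nested arrays is not visible in this diff, and the enclosing action continues past the hunk.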
app/appfront/modules/Catalogsearch/block/index/Index.php
...
...
@@ -364,7 +364,7 @@ class Index {
//$category = Yii::$service->category->getByPrimaryKey($primaryVal);
//$this->_category = $category ;
$searchText
=
Yii
::
$app
->
request
->
get
(
'q'
);
$searchText
=
\
yii\helpers\Html
::
e
ncode
(
$searchText
);
$searchText
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$searchText
);
$this
->
_searchText
=
$searchText
;
$search_page_title_format
=
Yii
::
$app
->
controller
->
module
->
params
[
'search_page_title_format'
];
$search_page_meta_keywords_format
=
Yii
::
$app
->
controller
->
module
->
params
[
'search_page_meta_keywords_format'
];
...
...
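Review bot: `$this->_searchText = $searchText;` now stores the entity-encoded form of `q`, so if `_searchText` is what is handed to the search backend (the code after the hunk is not visible), a query such as `R&D` is searched as `R&amp;D` and matches nothing. Keep the raw value for the lookup and encode only where it is interpolated into `search_page_title_format` and the meta keywords, which are the HTML contexts. The apphtml5 Catalogsearch block has the identical lines.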
app/appfront/modules/Checkout/block/onepage/Index.php
...
...
@@ -251,7 +251,7 @@ class Index {
*/
public
function
ajaxChangecountry
(){
$country
=
Yii
::
$app
->
request
->
get
(
'country'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$state
=
$this
->
initState
(
$country
);
echo
json_encode
([
'state'
=>
$this
->
_stateHtml
,
...
...
@@ -473,10 +473,10 @@ class Index {
$shipping_method
=
Yii
::
$app
->
request
->
get
(
'shipping_method'
);
$address_id
=
Yii
::
$app
->
request
->
get
(
'address_id'
);
$state
=
Yii
::
$app
->
request
->
get
(
'state'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$shipping_method
=
\
yii\helpers\Html
::
e
ncode
(
$shipping_method
);
$address_id
=
\
yii\helpers\Html
::
e
ncode
(
$address_id
);
$state
=
\
yii\helpers\Html
::
e
ncode
(
$state
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$shipping_method
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$shipping_method
);
$address_id
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$address_id
);
$state
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$state
);
if
(
$address_id
){
$this
->
_address_id
=
$address_id
;
$addressModel
=
Yii
::
$service
->
customer
->
address
->
getByPrimaryKey
(
$this
->
_address_id
);
...
...
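Review bot: In the second hunk `$address_id` flows from the query string into `getByPrimaryKey($this->_address_id)` with nothing but HTML encoding in between; encoding does not establish that the address belongs to the logged-in customer, so unless `getByPrimaryKey` or the code after the hunk compares the loaded record's owner with `Yii::$app->user->identity`, any existing address id is accepted for this checkout. Add that ownership comparison (or pass the current customer id into the lookup) before assigning `$this->_address_id`. In the first hunk `$country` is a lookup key for `initState`, where checking it against the configured country list is a stronger guard than encoding; the same lines appear in the paypal express Review block and in the apphtml5 twin of this file. Both methods extend beyond their hunks.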
app/appfront/modules/Checkout/block/onepage/Placeorder.php
...
...
@@ -34,25 +34,10 @@ class Placeorder{
$post
=
Yii
::
$app
->
request
->
post
();
if
(
is_array
(
$post
)
&&
!
empty
(
$post
)){
/**
* 对传递的数据,去除掉非法xss攻击部分内容(通过\
yii\helpers\Html::e
ncode())
* 对传递的数据,去除掉非法xss攻击部分内容(通过\
Yii::$service->helper->htmlE
ncode())
*/
foreach
(
$post
as
$k
=>
$v
){
if
(
is_array
(
$v
)){
foreach
(
$v
as
$vk
=>
$vv
){
if
(
is_array
(
$vv
)){
foreach
(
$vv
as
$vvk
=>
$vvv
){
$post
[
$k
][
$vk
][
$vvk
]
=
\
yii\helpers\Html
::
encode
(
$vvv
);
}
}
else
{
$post
[
$k
][
$vk
]
=
\
yii\helpers\Html
::
encode
(
$vv
);
}
}
}
else
{
$post
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
# 检查前台传递的数据的完整性
if
(
$this
->
checkOrderInfoAndInit
(
$post
)){
$post
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$post
);
# 检查前台传递的数据的完整($this->checkOrderInfoAndInit($post)){
# 如果游客用户勾选了注册账号,则注册,登录,并把地址写入到用户的address中
$gus_status
=
$this
->
guestCreateAndLoginAccount
(
$post
);
$save_address_status
=
$this
->
updateAddress
(
$post
);
...
...
@@ -266,4 +251,4 @@ class Placeorder{
}
\ No newline at end of file
}
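Review bot: On the new side of the first hunk the guard `if ($this->checkOrderInfoAndInit($post)){` appears to have been folded into the comment above it: the surviving line reads `# 检查前台传递的数据的完整($this->checkOrderInfoAndInit($post)){`, and the counts (25 old lines to 10 new, +4/-19 for the file) leave no room for a separate `if` line. If that is what was committed, the order-data completeness check no longer runs and the `}` that closed its block is unmatched, which PHP rejects at parse time. The apphtml5 Placeorder keeps the guard intact; this file should read `$post = \Yii::$service->helper->htmlEncode($post);`, `# 检查前台传递的数据的完整性`, `if ($this->checkOrderInfoAndInit($post)) {`. The method continues outside the hunk.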
app/appfront/modules/Checkout/controllers/CartController.php
...
...
@@ -31,9 +31,9 @@ class CartController extends AppfrontController
$custom_option
=
Yii
::
$app
->
request
->
post
(
'custom_option'
);
$product_id
=
Yii
::
$app
->
request
->
post
(
'product_id'
);
$qty
=
Yii
::
$app
->
request
->
post
(
'qty'
);
//$custom_option = \
yii\helpers\Html::e
ncode($custom_option);
$product_id
=
\
yii\helpers\Html
::
e
ncode
(
$product_id
);
$qty
=
\
yii\helpers\Html
::
e
ncode
(
$qty
);
//$custom_option = \
Yii::$service->helper->htmlE
ncode($custom_option);
$product_id
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$product_id
);
$qty
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$qty
);
$qty
=
abs
(
ceil
((
int
)
$qty
));
if
(
$qty
&&
$product_id
){
if
(
$custom_option
){
...
...
@@ -82,7 +82,7 @@ class CartController extends AppfrontController
exit
;
}
$coupon_code
=
trim
(
Yii
::
$app
->
request
->
post
(
'coupon_code'
));
$coupon_code
=
\
yii\helpers\Html
::
e
ncode
(
$coupon_code
);
$coupon_code
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$coupon_code
);
if
(
$coupon_code
){
Yii
::
$service
->
cart
->
coupon
->
addCoupon
(
$coupon_code
);
$error_arr
=
Yii
::
$service
->
helper
->
errors
->
get
(
true
);
...
...
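Review bot: In the first hunk `$qty` is HTML-encoded and then immediately replaced by `abs(ceil((int)$qty))`, so the encoding line is dead work; the int cast is the actual validation. `$product_id` is used as a lookup key and `$custom_option` is deliberately left unencoded (the commented line), so both deserve a shape check rather than an encoding: `$product_id` against the identifier format the catalog uses, and each `$custom_option` key against the options defined for that product, before the `if ($custom_option)` branch that continues past the hunk. The second hunk's `$coupon_code` is likewise a lookup key where a character whitelist is the better guard. The apphtml5 CartController has the same two hunks.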
app/appfront/modules/Customer/block/address/Edit.php
...
...
@@ -27,9 +27,7 @@ class Edit {
$address
=
Yii
::
$app
->
request
->
post
(
'address'
);
$isSave
=
0
;
if
(
is_array
(
$address
)
&&
!
empty
(
$address
)){
foreach
(
$address
as
$k
=>
$v
){
$address
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$address
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$address
);
$this
->
save
(
$address
);
$isSave
=
1
;
}
...
...
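Review bot: `$isSave = 1;` is set right after `$this->save($address);` regardless of what `save` returns, so if `save` reports a failure (its contract is not visible here) the caller still sees a success flag. Capture the result, e.g. `$isSave = $this->save($address) ? 1 : 0;`, if `save` returns a status. The broader concern of encoding the posted address before it is persisted is raised on the ReviewproductController block; the apphtml5 address/Edit has the same hunk.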
app/appfront/modules/Customer/block/contacts/Index.php
...
...
@@ -35,11 +35,7 @@ class Index {
$editForm
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
is_array
(
$editForm
)
&&
!
empty
(
$editForm
)){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
$name
=
isset
(
$editForm
[
'name'
])
?
$editForm
[
'name'
]
:
''
;
$email
=
isset
(
$editForm
[
'email'
])
?
$editForm
[
'email'
]
:
''
;
$telephone
=
isset
(
$editForm
[
'telephone'
])
?
$editForm
[
'telephone'
]
:
''
;
...
...
@@ -92,7 +88,7 @@ class Index {
}
$captcha
=
Yii
::
$app
->
request
->
post
(
'sercrity_code'
);
$captcha
=
\
yii\helpers\Html
::
e
ncode
(
$captcha
);
$captcha
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$captcha
);
$contacts
=
Yii
::
$app
->
getModule
(
"customer"
)
->
params
[
'contacts'
];
$contactsCaptcha
=
isset
(
$contacts
[
'contactsCaptcha'
])
?
$contacts
[
'contactsCaptcha'
]
:
false
;
...
...
@@ -115,4 +111,4 @@ class Index {
}
}
\ No newline at end of file
}
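Review bot: In the first hunk `$editForm = \Yii::$service->helper->htmlEncode($editForm);` sits after the closing `}` of the `is_array(...) && !empty(...)` guard, so on a plain GET of the contact page the helper is called with whatever `post('editForm')` returns when the form was not submitted, presumably `null`. Unless the helper accepts non-array input, that is a runtime error on the unsubmitted form; the apphtml5 contacts block places the same call inside the guard, and this file should match it. The second hunk's captcha value is compared by code after the hunk, where encoding is harmless but a length/character check would be the more direct guard.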
app/appfront/modules/Customer/block/editaccount/Index.php
...
...
@@ -32,14 +32,12 @@ class Index {
*/
public
function
saveAccount
(
$editForm
){
if
(
is_array
(
$editForm
)
&&
!
empty
(
$editForm
)){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
$identity
=
Yii
::
$app
->
user
->
identity
;
$firstname
=
$editForm
[
'firstname'
]
?
$editForm
[
'firstname'
]
:
''
;
$lastname
=
$editForm
[
'lastname'
]
?
$editForm
[
'lastname'
]
:
''
;
$firstname
=
$editForm
[
'firstname'
]
?
$editForm
[
'firstname'
]
:
''
;
$lastname
=
$editForm
[
'lastname'
]
?
$editForm
[
'lastname'
]
:
''
;
$current_password
=
$editForm
[
'current_password'
]
?
$editForm
[
'current_password'
]
:
''
;
$password
=
$editForm
[
'password'
]
?
$editForm
[
'password'
]
:
''
;
$password
=
$editForm
[
'password'
]
?
$editForm
[
'password'
]
:
''
;
$confirmation
=
$editForm
[
'confirmation'
]
?
$editForm
[
'confirmation'
]
:
''
;
$change_password
=
$editForm
[
'change_password'
]
?
$editForm
[
'change_password'
]
:
''
;
...
...
@@ -102,4 +100,4 @@ class Index {
}
\ No newline at end of file
}
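Review bot: `$editForm = \Yii::$service->helper->htmlEncode($editForm);` now runs over `current_password`, `password` and `confirmation` before they are read on the lines below, so a password containing `&`, `<`, `>`, `'` or `"` is hashed or verified in its entity-encoded form; unless the login path applies the identical transform, such users cannot sign in after changing their password, and the current-password check compares an altered value. Exclude the three password fields from encoding (they are never rendered) and encode only the name fields, or better, encode nothing here and validate length instead. The `$editForm['firstname'] ? ... : ''` style on the following lines also raises an undefined-index notice when a key is absent; the contacts block's `isset(...) ? ... : ''` form is the one to follow. The apphtml5 editaccount block has the same hunk; `saveAccount` continues past it.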
app/appfront/modules/Customer/block/newsletter/Index.php
...
...
@@ -20,7 +20,7 @@ class Index {
public
function
getLastData
(){
$email
=
Yii
::
$app
->
request
->
get
(
'email'
);
$email
=
\
yii\helpers\Html
::
e
ncode
(
$email
);
$email
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$email
);
$status
=
Yii
::
$service
->
customer
->
newsletter
->
subscribe
(
$email
);
$message
=
Yii
::
$service
->
helper
->
errors
->
get
();
if
(
!
$message
){
...
...
@@ -36,4 +36,4 @@ class Index {
}
\ No newline at end of file
}
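Review bot: `$email` is HTML-encoded and then handed to `subscribe($email)`, which stores it; an address containing `'` (legal in the local part) is persisted in altered form, and encoding does not reject malformed input at all. A format check such as `if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) { /* set an error and return */ }` before `subscribe` is the appropriate guard here, with encoding left to the view that echoes the value. The apphtml5 newsletter block has the same hunk; the method continues past it.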
app/appfront/modules/Customer/controllers/AccountController.php
...
...
@@ -68,9 +68,7 @@ class AccountController extends AppfrontController
}
$param
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
!
empty
(
$param
)
&&
is_array
(
$param
)){
foreach
(
$param
as
$k
=>
$v
){
$param
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$param
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$param
);
$registerStatus
=
$this
->
getBlock
()
->
register
(
$param
);
//echo $registerStatus;exit;
if
(
$registerStatus
){
...
...
@@ -104,7 +102,7 @@ class AccountController extends AppfrontController
}
if
(
$rt
){
$redirectUrl
=
base64_decode
(
$rt
);
$redirectUrl
=
\
yii\helpers\Html
::
e
ncode
(
$redirectUrl
);
$redirectUrl
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$redirectUrl
);
//exit;
Yii
::
$service
->
url
->
redirect
(
$redirectUrl
);
}
else
{
...
...
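Review bot: In the second hunk the redirect target on `Yii::$service->url->redirect($redirectUrl);` is still whatever the caller put in the `rt` parameter after `base64_decode`; HTML-encoding does not constrain where it points, so the login flow will forward the user to an arbitrary external site, and encoding `&` as `&amp;` corrupts any legitimate target that carries more than one query parameter. Before redirecting, require the decoded value to be a same-site target (no scheme/host in `parse_url($redirectUrl)`, or a host equal to `Yii::$app->request->hostName`) and otherwise fall back to `Yii::$service->url->HomeUrl()`. The apphtml5 AccountController's second hunk drops the encoding line entirely and has the same gap. The first hunk's register path is covered by the input-encoding comment on the ReviewproductController block.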
app/appfront/modules/Payment/block/paypal/express/Placeorder.php
...
...
@@ -35,16 +35,7 @@ class Placeorder {
public
function
getLastData
(){
$post
=
Yii
::
$app
->
request
->
post
();
if
(
is_array
(
$post
)
&&
!
empty
(
$post
)){
# post 是二维数组,需要多层处理
foreach
(
$post
as
$k
=>
$v
){
if
(
is_array
(
$v
)){
foreach
(
$v
as
$k2
=>
$v2
){
$post
[
$k
][
$k2
]
=
\
yii\helpers\Html
::
encode
(
$v2
);
}
}
else
{
$post
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$post
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$post
);
# 设置paypal快捷支付
$post
[
'payment_method'
]
=
Yii
::
$service
->
payment
->
paypal
->
express_payment_method
;
# 检查前台传递的数据的完整性
...
...
app/appfront/modules/Payment/block/paypal/express/Review.php
...
...
@@ -226,7 +226,7 @@ class Review {
*/
public
function
ajaxChangecountry
(){
$country
=
Yii
::
$app
->
request
->
get
(
'country'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$state
=
$this
->
initState
(
$country
);
echo
json_encode
([
'state'
=>
$this
->
_stateHtml
,
...
...
app/appfront/theme/base/front/catalog/category/index/filter/refineby.php
...
...
@@ -3,8 +3,8 @@
<div
class=
"filter_attr_title"
>
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Refine By'
);
?>
</div>
<div
class=
"filter_refine_by_content"
>
<?php
foreach
(
$parentThis
[
'refine_by_info'
]
as
$one
){
?>
<?php
$name
=
\
yii\helpers\Html
::
e
ncode
(
$one
[
'name'
]);
?>
<?php
$url
=
\
yii\helpers\Html
::
e
ncode
(
$one
[
'url'
]);
?>
<?php
$name
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$one
[
'name'
]);
?>
<?php
$url
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$one
[
'url'
]);
?>
<div><a
href=
"
<?=
$url
?>
"
><i
class=
"closeBtn c_tagbg"
></i><span>
<?=
Yii
::
$service
->
page
->
translate
->
__
(
$name
);
?>
</span></a></div>
<?php
}
?>
</div>
...
...
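Review bot: `$name` is HTML-encoded on the first new line and then passed to `translate->__($name)`, so the translation lookup is done on the encoded string; any refine-by label containing `&` or `'` will miss its translation entry if the source map holds the raw label. Translate first and encode the result at output: `<?= \Yii::$service->helper->htmlEncode(Yii::$service->page->translate->__($one['name'])) ?>`. Encoding `$url` for the `href` attribute is the right context; the apphtml5 refineby.php has the same hunk.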
app/appfront/theme/base/front/site/helper/error.php
...
...
@@ -20,10 +20,10 @@ $this->title = $name;
<!--
<div class="site-error">
<h1>
<?=
Html
::
e
ncode
(
$this
->
title
)
?>
</h1>
<h1>
<?=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$this
->
title
)
?>
</h1>
<div class="alert alert-danger">
<?=
nl2br
(
Html
::
e
ncode
(
$message
))
?>
<?=
nl2br
(
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$message
))
?>
</div>
<p>
...
...
@@ -35,4 +35,4 @@ $this->title = $name;
</div>
-->
</div>
\ No newline at end of file
</div>
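Review bot: The two changed `<?= … ?>` lines sit inside the `<!-- … -->` block that opens at the top of the hunk, and PHP evaluates short-echo tags regardless of the surrounding HTML comment, so the title and message are still emitted into the page source, where a `-->` sequence in `$message` would matter. Keeping the encoding there is correct, but commented-out markup that still executes is a trap; either delete the dead block or uncomment it deliberately. The apphtml5 error.php has the same hunk.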
app/appfront/theme/base/front/widgets/topsearch.php
<form
method=
"get"
name=
"searchFrom"
class=
"js_topSeachForm"
action=
"
<?=
Yii
::
$service
->
url
->
getUrl
(
'catalogsearch/index'
);
?>
"
>
<div
class=
"top_seachBox"
>
<div
class=
"searchInput fl"
>
<input
type=
"text"
value=
"
<?=
\
yii\helpers\Html
::
e
ncode
(
Yii
::
$app
->
request
->
get
(
'q'
));
?>
"
maxlength=
"150"
placeholder=
"
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Products keyword'
);
?>
"
class=
"searchArea js_k2 ac_input"
name=
"q"
>
<input
type=
"text"
value=
"
<?=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
Yii
::
$app
->
request
->
get
(
'q'
));
?>
"
maxlength=
"150"
placeholder=
"
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Products keyword'
);
?>
"
class=
"searchArea js_k2 ac_input"
name=
"q"
>
</div>
<button
class=
"fl js_topSearch seachBtn"
type=
"submit"
><span
class=
"t_hidden"
>
search
</span></button>
<!-- <input type="hidden" class="category" value="0" name="category"> -->
</div>
<!--end .top_seachBox-->
</form>
\ No newline at end of file
</form>
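Review bot: The new `value="<?= \Yii::$service->helper->htmlEncode(Yii::$app->request->get('q')); ?>"` is a double-quoted attribute context, so the helper must encode `"` (the `ENT_QUOTES` behaviour of the `yii\helpers\Html::encode` it replaces) for the change to be safe; the helper's implementation is not in this diff, so that is worth confirming with a test that passes a value containing `"` through it. A comment on the helper stating which output contexts it is safe for would make call sites like this one reviewable. The apphtml5 topsearch.php widget has the same change.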
app/apphtml5/modules/Catalog/controllers/ReviewproductController.php
...
...
@@ -35,18 +35,12 @@ class ReviewproductController extends AppfrontController
}
$editForm
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
!
empty
(
$editForm
)
&&
is_array
(
$editForm
)
){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
if
(
!
empty
(
$editForm
)
&&
is_array
(
$editForm
)
){
$saveStatus
=
$this
->
getBlock
()
->
saveReview
(
$editForm
);
if
(
$saveStatus
){
$spu
=
Yii
::
$app
->
request
->
get
(
'spu'
);
$_id
=
Yii
::
$app
->
request
->
get
(
'_id'
);
$spu
=
\
yii\helpers\Html
::
encode
(
$spu
);
$_id
=
\
yii\helpers\Html
::
encode
(
$_id
);
if
(
$spu
&&
$_id
){
$url
=
Yii
::
$service
->
url
->
getUrl
(
'catalog/reviewproduct/lists'
,[
'spu'
=>
$spu
,
'_id'
=>
$_id
]);
$this
->
redirect
(
$url
);
...
...
app/apphtml5/modules/Catalogsearch/block/index/Index.php
...
...
@@ -364,7 +364,7 @@ class Index {
//$category = Yii::$service->category->getByPrimaryKey($primaryVal);
//$this->_category = $category ;
$searchText
=
Yii
::
$app
->
request
->
get
(
'q'
);
$searchText
=
\
yii\helpers\Html
::
e
ncode
(
$searchText
);
$searchText
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$searchText
);
$this
->
_searchText
=
$searchText
;
$search_page_title_format
=
Yii
::
$app
->
controller
->
module
->
params
[
'search_page_title_format'
];
$search_page_meta_keywords_format
=
Yii
::
$app
->
controller
->
module
->
params
[
'search_page_meta_keywords_format'
];
...
...
app/apphtml5/modules/Checkout/block/onepage/Index.php
...
...
@@ -251,7 +251,7 @@ class Index {
*/
public
function
ajaxChangecountry
(){
$country
=
Yii
::
$app
->
request
->
get
(
'country'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$state
=
$this
->
initState
(
$country
);
echo
json_encode
([
'state'
=>
$this
->
_stateHtml
,
...
...
@@ -473,10 +473,10 @@ class Index {
$shipping_method
=
Yii
::
$app
->
request
->
get
(
'shipping_method'
);
$address_id
=
Yii
::
$app
->
request
->
get
(
'address_id'
);
$state
=
Yii
::
$app
->
request
->
get
(
'state'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$shipping_method
=
\
yii\helpers\Html
::
e
ncode
(
$shipping_method
);
$address_id
=
\
yii\helpers\Html
::
e
ncode
(
$address_id
);
$state
=
\
yii\helpers\Html
::
e
ncode
(
$state
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$shipping_method
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$shipping_method
);
$address_id
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$address_id
);
$state
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$state
);
if
(
$address_id
){
$this
->
_address_id
=
$address_id
;
$addressModel
=
Yii
::
$service
->
customer
->
address
->
getByPrimaryKey
(
$this
->
_address_id
);
...
...
app/apphtml5/modules/Checkout/block/onepage/Placeorder.php
...
...
@@ -34,23 +34,9 @@ class Placeorder{
$post
=
Yii
::
$app
->
request
->
post
();
if
(
is_array
(
$post
)
&&
!
empty
(
$post
)){
/**
* 对传递的数据,去除掉非法xss攻击部分内容(通过
\yii\helpers\Html::e
ncode())
* 对传递的数据,去除掉非法xss攻击部分内容(通过
\Yii::$service->helper->htmlE
ncode())
*/
foreach
(
$post
as
$k
=>
$v
){
if
(
is_array
(
$v
)){
foreach
(
$v
as
$vk
=>
$vv
){
if
(
is_array
(
$vv
)){
foreach
(
$vv
as
$vvk
=>
$vvv
){
$post
[
$k
][
$vk
][
$vvk
]
=
\
yii\helpers\Html
::
encode
(
$vvv
);
}
}
else
{
$post
[
$k
][
$vk
]
=
\
yii\helpers\Html
::
encode
(
$vv
);
}
}
}
else
{
$post
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$post
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$post
);
# 检查前台传递的数据的完整性
if
(
$this
->
checkOrderInfoAndInit
(
$post
)){
# 如果游客用户勾选了注册账号,则注册,登录,并把地址写入到用户的address中
...
...
@@ -266,4 +252,4 @@ class Placeorder{
}
\ No newline at end of file
}
app/apphtml5/modules/Checkout/controllers/CartController.php
...
...
@@ -31,9 +31,9 @@ class CartController extends AppfrontController
$custom_option
=
Yii
::
$app
->
request
->
post
(
'custom_option'
);
$product_id
=
Yii
::
$app
->
request
->
post
(
'product_id'
);
$qty
=
Yii
::
$app
->
request
->
post
(
'qty'
);
//$custom_option = \
yii\helpers\Html::e
ncode($custom_option);
$product_id
=
\
yii\helpers\Html
::
e
ncode
(
$product_id
);
$qty
=
\
yii\helpers\Html
::
e
ncode
(
$qty
);
//$custom_option = \
Yii::$service->helper->htmlE
ncode($custom_option);
$product_id
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$product_id
);
$qty
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$qty
);
$qty
=
abs
(
ceil
((
int
)
$qty
));
if
(
$qty
&&
$product_id
){
if
(
$custom_option
){
...
...
@@ -82,7 +82,7 @@ class CartController extends AppfrontController
exit
;
}
$coupon_code
=
trim
(
Yii
::
$app
->
request
->
post
(
'coupon_code'
));
$coupon_code
=
\
yii\helpers\Html
::
e
ncode
(
$coupon_code
);
$coupon_code
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$coupon_code
);
if
(
$coupon_code
){
Yii
::
$service
->
cart
->
coupon
->
addCoupon
(
$coupon_code
);
$error_arr
=
Yii
::
$service
->
helper
->
errors
->
get
(
true
);
...
...
app/apphtml5/modules/Customer/block/address/Edit.php
...
...
@@ -27,9 +27,7 @@ class Edit {
$address
=
Yii
::
$app
->
request
->
post
(
'address'
);
$isSave
=
0
;
if
(
is_array
(
$address
)
&&
!
empty
(
$address
)){
foreach
(
$address
as
$k
=>
$v
){
$address
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$address
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$address
);
$this
->
save
(
$address
);
$isSave
=
1
;
}
...
...
app/apphtml5/modules/Customer/block/contacts/Index.php
...
...
@@ -36,9 +36,7 @@ class Index {
$editForm
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
is_array
(
$editForm
)
&&
!
empty
(
$editForm
)){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
}
$name
=
isset
(
$editForm
[
'name'
])
?
$editForm
[
'name'
]
:
''
;
$email
=
isset
(
$editForm
[
'email'
])
?
$editForm
[
'email'
]
:
''
;
...
...
@@ -92,7 +90,7 @@ class Index {
}
$captcha
=
Yii
::
$app
->
request
->
post
(
'sercrity_code'
);
$captcha
=
\
yii\helpers\Html
::
e
ncode
(
$captcha
);
$captcha
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$captcha
);
$contacts
=
Yii
::
$app
->
getModule
(
"customer"
)
->
params
[
'contacts'
];
$contactsCaptcha
=
isset
(
$contacts
[
'contactsCaptcha'
])
?
$contacts
[
'contactsCaptcha'
]
:
false
;
...
...
@@ -115,4 +113,4 @@ class Index {
}
}
\ No newline at end of file
}
app/apphtml5/modules/Customer/block/editaccount/Index.php
...
...
@@ -32,9 +32,7 @@ class Index {
*/
public
function
saveAccount
(
$editForm
){
if
(
is_array
(
$editForm
)
&&
!
empty
(
$editForm
)){
foreach
(
$editForm
as
$k
=>
$v
){
$editForm
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$editForm
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$editForm
);
$identity
=
Yii
::
$app
->
user
->
identity
;
$firstname
=
$editForm
[
'firstname'
]
?
$editForm
[
'firstname'
]
:
''
;
$lastname
=
$editForm
[
'lastname'
]
?
$editForm
[
'lastname'
]
:
''
;
...
...
@@ -102,4 +100,4 @@ class Index {
}
\ No newline at end of file
}
app/apphtml5/modules/Customer/block/newsletter/Index.php
...
...
@@ -20,7 +20,7 @@ class Index {
public
function
getLastData
(){
$email
=
Yii
::
$app
->
request
->
get
(
'email'
);
$email
=
\
yii\helpers\Html
::
e
ncode
(
$email
);
$email
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$email
);
$status
=
Yii
::
$service
->
customer
->
newsletter
->
subscribe
(
$email
);
$message
=
Yii
::
$service
->
helper
->
errors
->
get
();
if
(
!
$message
){
...
...
@@ -36,4 +36,4 @@ class Index {
}
\ No newline at end of file
}
app/apphtml5/modules/Customer/controllers/AccountController.php
...
...
@@ -68,9 +68,7 @@ class AccountController extends AppfrontController
}
$param
=
Yii
::
$app
->
request
->
post
(
'editForm'
);
if
(
!
empty
(
$param
)
&&
is_array
(
$param
)){
foreach
(
$param
as
$k
=>
$v
){
$param
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$param
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$param
);
$registerStatus
=
$this
->
getBlock
()
->
register
(
$param
);
//echo $registerStatus;exit;
if
(
$registerStatus
){
...
...
@@ -104,8 +102,6 @@ class AccountController extends AppfrontController
}
if
(
$rt
){
$redirectUrl
=
base64_decode
(
$rt
);
$redirectUrl
=
\
yii\helpers\Html
::
encode
(
$redirectUrl
);
//exit;
Yii
::
$service
->
url
->
redirect
(
$redirectUrl
);
}
else
{
Yii
::
$service
->
url
->
redirect
(
Yii
::
$service
->
url
->
HomeUrl
());
...
...
app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
...
...
@@ -36,15 +36,7 @@ class Placeorder {
$post
=
Yii
::
$app
->
request
->
post
();
if
(
is_array
(
$post
)
&&
!
empty
(
$post
)){
# post 是二维数组,需要多层处理
foreach
(
$post
as
$k
=>
$v
){
if
(
is_array
(
$v
)){
foreach
(
$v
as
$k2
=>
$v2
){
$post
[
$k
][
$k2
]
=
\
yii\helpers\Html
::
encode
(
$v2
);
}
}
else
{
$post
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
}
$post
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$post
);
# 设置paypal快捷支付
$post
[
'payment_method'
]
=
Yii
::
$service
->
payment
->
paypal
->
express_payment_method
;
# 检查前台传递的数据的完整性
...
...
app/apphtml5/modules/Payment/block/paypal/express/Review.php
...
...
@@ -226,7 +226,7 @@ class Review {
*/
public
function
ajaxChangecountry
(){
$country
=
Yii
::
$app
->
request
->
get
(
'country'
);
$country
=
\
yii\helpers\Html
::
e
ncode
(
$country
);
$country
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$country
);
$state
=
$this
->
initState
(
$country
);
echo
json_encode
([
'state'
=>
$this
->
_stateHtml
,
...
...
app/apphtml5/modules/Payment/controllers/paypal/StandardController.php
...
...
@@ -34,11 +34,18 @@ class StandardController extends AppfrontController
public
function
actionIpn
(){
\
Yii
::
info
(
'paypal ipn begin'
,
'fecshop_debug'
);
$post
=
Yii
::
$app
->
request
->
post
();
if
(
is_array
(
$post
)
&&
!
empty
(
$post
)){
foreach
(
$post
as
$k
=>
$v
){
$post
[
$k
]
=
\
yii\helpers\Html
::
encode
(
$v
);
}
$post
=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$post
);
ob_start
();
ob_implicit_flush
(
false
);
var_dump
(
$post
);
$post_log
=
ob_get_clean
();
\
Yii
::
info
(
$post_log
,
'fecshop_debug'
);
Yii
::
$service
->
payment
->
paypal
->
receiveIpn
(
$post
);
}
}
...
...
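Review bot: `$post = \Yii::$service->helper->htmlEncode($post);` rewrites the PayPal IPN payload before `receiveIpn($post)`; IPN validation works by echoing the received fields back to PayPal unchanged, so if `receiveIpn` builds that verification request from `$post` (not visible here), any notification whose fields contain `&`, `'`, `"`, `<` or `>` (item names, addresses) is altered and either fails verification or is mis-recorded. Keep the raw array for verification and encode only the copy that is logged or displayed. The `var_dump($post)` written to the `fecshop_debug` log on the lines below also records the payer's personal data in full; log only the transaction and status fields.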
app/apphtml5/theme/base/html5/catalog/category/index/filter/refineby.php
...
...
@@ -3,8 +3,8 @@
<div
class=
"filter_attr_title"
>
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Refine By'
);
?>
</div>
<div
class=
"filter_refine_by_content"
>
<?php
foreach
(
$parentThis
[
'refine_by_info'
]
as
$one
){
?>
<?php
$name
=
\
yii\helpers\Html
::
e
ncode
(
$one
[
'name'
]);
?>
<?php
$url
=
\
yii\helpers\Html
::
e
ncode
(
$one
[
'url'
]);
?>
<?php
$name
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$one
[
'name'
]);
?>
<?php
$url
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$one
[
'url'
]);
?>
<div><a
external
href=
"
<?=
$url
?>
"
><i
class=
"closeBtn c_tagbg"
></i><span>
<?=
Yii
::
$service
->
page
->
translate
->
__
(
$name
);
?>
</span></a></div>
<?php
}
?>
</div>
...
...
app/apphtml5/theme/base/html5/site/helper/error.php
...
...
@@ -20,10 +20,10 @@ $this->title = $name;
<!--
<div class="site-error">
<h1>
<?=
Html
::
e
ncode
(
$this
->
title
)
?>
</h1>
<h1>
<?=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$this
->
title
)
?>
</h1>
<div class="alert alert-danger">
<?=
nl2br
(
Html
::
e
ncode
(
$message
))
?>
<?=
nl2br
(
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$message
))
?>
</div>
<p>
...
...
@@ -35,4 +35,4 @@ $this->title = $name;
</div>
-->
</div>
\ No newline at end of file
</div>
app/apphtml5/theme/base/html5/widgets/topsearch.php
<form
method=
"get"
name=
"searchFrom"
class=
"js_topSeachForm"
action=
"
<?=
Yii
::
$service
->
url
->
getUrl
(
'catalogsearch/index'
);
?>
"
>
<div
class=
"top_seachBox"
>
<div
class=
"searchInput fl"
>
<input
type=
"text"
value=
"
<?=
\
yii\helpers\Html
::
e
ncode
(
Yii
::
$app
->
request
->
get
(
'q'
));
?>
"
maxlength=
"150"
placeholder=
"
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Products keyword'
);
?>
"
class=
"searchArea js_k2 ac_input"
name=
"q"
>
<input
type=
"text"
value=
"
<?=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
Yii
::
$app
->
request
->
get
(
'q'
));
?>
"
maxlength=
"150"
placeholder=
"
<?=
Yii
::
$service
->
page
->
translate
->
__
(
'Products keyword'
);
?>
"
class=
"searchArea js_k2 ac_input"
name=
"q"
>
</div>
<button
class=
"fl js_topSearch seachBtn"
type=
"submit"
><span
class=
"t_hidden"
>
search
</span></button>
<!-- <input type="hidden" class="category" value="0" name="category"> -->
</div>
<!--end .top_seachBox-->
</form>
\ No newline at end of file
</form>
services/email/views/customer/account/login/body_en.php
...
...
@@ -5,8 +5,8 @@ use yii\helpers\Html;
/* @var $user common\models\User */
?>
Get
<?=
Html
::
e
ncode
(
$name
)
?>
, message
<br/>
Get
<?=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$name
)
?>
, message
<br/>
Store:"en"
<br/>
Email:
<?=
Html
::
encode
(
$email
)
?>
<br/>
Mobile:
<?=
Html
::
encode
(
$contactsPhone
)
?>
<br/>
Content:
<?=
Html
::
encode
(
$comment
)
?>
\ No newline at end of file
Email:
<?=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$email
)
?>
<br/>
Mobile:
<?=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$contactsPhone
)
?>
<br/>
Content:
<?=
\
Yii
::
$service
->
helper
->
htmlEncode
(
$comment
)
?>
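Review bot: After this hunk every `Html::encode` call in the template is replaced by `\Yii::$service->helper->htmlEncode`, so the `use yii\helpers\Html;` line shown in the hunk header is now unused and should be removed to keep the view's imports honest. The rest of the change is a like-for-like encoding swap.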
services/payment/Paypal.php
...
...
@@ -509,7 +509,7 @@ class Paypal extends Service
*/
public
function
setExpressToken
(){
$token
=
Yii
::
$app
->
request
->
get
(
'token'
);
$token
=
\
yii\helpers\Html
::
e
ncode
(
$token
);
$token
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$token
);
if
(
$token
){
Yii
::
$app
->
session
->
set
(
self
::
EXPRESS_TOKEN
,
$token
);
return
true
;
...
...
@@ -521,7 +521,7 @@ class Paypal extends Service
*/
public
function
setExpressPayerID
(){
$PayerID
=
Yii
::
$app
->
request
->
get
(
'PayerID'
);
$PayerID
=
\
yii\helpers\Html
::
e
ncode
(
$PayerID
);
$PayerID
=
\
Yii
::
$service
->
helper
->
htmlE
ncode
(
$PayerID
);
if
(
$PayerID
){
Yii
::
$app
->
session
->
set
(
self
::
EXPRESS_PAYER_ID
,
$PayerID
);
return
true
;
...
...
@@ -606,4 +606,4 @@ class Paypal extends Service
return
false
;
}
}
\ No newline at end of file
}
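Review bot: `$token` and `$PayerID` are values later sent back to PayPal's API and used as session keys, not rendered HTML, so `htmlEncode` is the wrong guard: it passes through anything that is not an HTML metacharacter and would silently alter a legitimate value that contained one. A whitelist check on each, e.g. `if (!preg_match('/^[A-Za-z0-9\-]+$/', $token)) { return false; }` before the session write, rejects malformed input outright; the exact character set should be taken from PayPal's documented token format. Both hunks (`setExpressToken` and `setExpressPayerID`) continue past what is shown.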