From 8ef8d573beba5894a6dca2f93ff0f706ccd0f36a Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi <nanasess@fsm.ne.jp>
Date: Wed, 9 Feb 2022 10:31:30 +0900
Subject: [PATCH 1/2] =?UTF-8?q?select=5Ffile=20=E3=81=AB=E7=A9=BA=E3=81=AE?=
 =?UTF-8?q?=E3=83=91=E3=83=A9=E3=83=A1=E3=83=BC=E3=82=BF=E3=82=92=E6=B8=A1?=
 =?UTF-8?q?=E3=81=9B=E3=81=AA=E3=81=84=E3=82=88=E3=81=86=E4=BF=AE=E6=AD=A3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- `select_file=` にすると user_data 以下が削除されてしまう
- `is_null()` に空文字を渡すと false になるため `===` で判定する
---
 src/Eccube/Controller/Admin/Content/FileController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Eccube/Controller/Admin/Content/FileController.php b/src/Eccube/Controller/Admin/Content/FileController.php
index e42ee83a658..b0b6289d6a8 100644
--- a/src/Eccube/Controller/Admin/Content/FileController.php
+++ b/src/Eccube/Controller/Admin/Content/FileController.php
@@ -200,7 +200,7 @@ public function delete(Request $request)
         $this->isTokenValid();
 
         $selectFile = $request->get('select_file');
-        if (is_null($selectFile) || $selectFile == '/') {
+        if ($selectFile === '' || $selectFile === null || $selectFile == '/') {
             return $this->redirectToRoute('admin_content_file');
         }
 

From eefcc3f51826c045de830e2f4e324575bd963eb5 Mon Sep 17 00:00:00 2001
From: Kentaro Ohkouchi <nanasess@fsm.ne.jp>
Date: Wed, 9 Feb 2022 10:42:53 +0900
Subject: [PATCH 2/2] =?UTF-8?q?`select=5Ffile=3D`=20=E3=81=AE=E5=A0=B4?=
 =?UTF-8?q?=E5=90=88=E3=81=AE=E3=83=86=E3=82=B9=E3=83=88=E3=82=B1=E3=83=BC?=
 =?UTF-8?q?=E3=82=B9=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Tests/Web/Admin/Content/FileControllerTest.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/tests/Eccube/Tests/Web/Admin/Content/FileControllerTest.php b/tests/Eccube/Tests/Web/Admin/Content/FileControllerTest.php
index fd51d157756..5f7e422dbc2 100644
--- a/tests/Eccube/Tests/Web/Admin/Content/FileControllerTest.php
+++ b/tests/Eccube/Tests/Web/Admin/Content/FileControllerTest.php
@@ -73,6 +73,20 @@ public function testDelete()
         $this->assertFalse(file_exists($filepath));
     }
 
+    /**
+     * `select_file` が空の場合は `admin_content_file` へリダイレクトする.
+     *
+     * see https://github.com/EC-CUBE/ec-cube/pull/5298
+     */
+    public function testDeleteWithEmpty()
+    {
+        $this->client->request(
+            'DELETE',
+            $this->generateUrl('admin_content_file_delete').'?select_file='
+        );
+        $this->assertTrue($this->client->getResponse()->isRedirect($this->generateUrl('admin_content_file')));
+    }
+
     public function testIndexWithCreate()
     {
         $folder = 'create_folder';