Merge pull request #127 from nanasess/add-php8.2-image
Add php8.2 image
nanasess authored Sep 16, 2023
2 parents 4f65a97 + 4a12b8b commit f2e7bb9
Showing 10 changed files with 927 additions and 553 deletions.
6 changes: 3 additions & 3 deletions .github/workflows/dockerbuild.yml
Expand Up @@ -21,7 +21,7 @@ jobs:
strategy:
fail-fast: false
matrix:
php: [ '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1' ]
php: [ '5.4', '5.5', '5.6', '7.0', '7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2' ]

steps:
- name: downcase REPO
Expand Down Expand Up @@ -86,7 +86,7 @@ jobs:
type=match,prefix=${{ matrix.php }}-apache-,pattern=eccube2-weekly-(.*),group=1
- name: Build and export to Docker
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
with:
context: .
load: true
Expand Down Expand Up @@ -129,7 +129,7 @@ jobs:
- run: git checkout composer.*
## see https://docs.github.com/ja/packages/managing-github-packages-using-github-actions-workflows/publishing-and-installing-a-package-with-github-actions#publishing-a-package-using-an-action
- name: Push Docker image
uses: docker/build-push-action@v3
uses: docker/build-push-action@v4
if: success()
with:
context: .
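Review bot: `docker/build-push-action@v4` is referenced by a mutable major-version tag in both the build step and the "Push Docker image" step, so whatever that tag resolves to at run time executes in a job that appears to publish images. Pinning to a full commit SHA with the version kept as a trailing comment, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4`, makes each bump an explicit, reviewable change. The same applies to `symfonycorp/security-checker-action@v5` in security-checker.yml. Both steps continue outside the visible hunks.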
2 changes: 1 addition & 1 deletion .github/workflows/security-checker.yml
Expand Up @@ -11,4 +11,4 @@ jobs:
- name: Checkout code
uses: actions/checkout@v3
- name: Checking Security Vulnerabilities
uses: symfonycorp/security-checker-action@v4
uses: symfonycorp/security-checker-action@v5
29 changes: 17 additions & 12 deletions composer.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

61 changes: 54 additions & 7 deletions data/Smarty/templates/admin/contents/file_manager.tpl
Expand Up @@ -31,11 +31,58 @@
var total = bread_crumbs.length;
for (var i in bread_crumbs) {
file_path += bread_crumbs[i] + '/';
$('<a href="javascript:;" onclick="eccube.fileManager.openFolder(\'' + file_path + '\'); return false;" />')
$('<a href="javascript:;" />')
.attr('data-filepath', file_path)
.text(bread_crumbs[i])
.addClass('open')
.appendTo($node);
if (i < total - 1) $node.append($delimiter);
}
$('a.open[data-filepath]').on('click', function() {
var filepath = $(this).data('filepath');
eccube.fileManager.openFolder(filepath);
return false;
});
$('a.cd[data-filepath]').on('click', function() {
var filepath = $(this).data('filepath');
var id = $(this).data('id');
eccube.setValue('tree_select_file', filepath, 'form1');
eccube.fileManager.selectFile(id, '#808080');
eccube.setModeAndSubmit('move','','');
return false;
});
$('a.view[data-filepath]').on('click', function() {
var filepath = $(this).data('filepath');
var id = $(this).data('id');
eccube.setValue('select_file', filepath, 'form1');
eccube.fileManager.selectFile(id, '#808080');
filepath = filepath.replace(/<!--{$smarty.const.USER_DIR|preg_quote:"/"}-->/, '');
eccube.openWindow('./file_view.php?file='+ filepath, 'user_data', '600', '400');
return false;
});
$('a.download[data-filepath]').on('click', function () {
var filepath = $(this).data('filepath');
var id = $(this).data('id');
eccube.setValue('select_file', filepath, 'form1');
eccube.fileManager.selectFile(id, '#808080');
eccube.fileManager.setTreeStatus('tree_status');
eccube.setModeAndSubmit('download','','');
return false;
});
$('a.delete[data-filepath]').on('click', function () {
var filepath = $(this).data('filepath');
var id = $(this).data('id');
eccube.setValue('select_file', filepath, 'form1');
eccube.fileManager.selectFile(id, '#808080');
eccube.fileManager.setTreeStatus('tree_status');
eccube.setModeAndSubmit('delete','','');
return false;
});
});
eccube.fileManager.IMG_FOLDER_CLOSE = "<!--{$TPL_URLPATH}-->img/contents/folder_close.gif"; // フォルダクローズ時画像
Expand Down Expand Up @@ -84,7 +131,7 @@
<th class="delete">削除</th>
</tr>
<!--{if !$tpl_is_top_dir}-->
<tr id="parent_dir" onclick="eccube.setValue('select_file', '<!--{$tpl_parent_dir|h}-->', 'form1'); eccube.fileManager.selectFile('parent_dir', '#808080');" onDblClick="eccube.fileManager.setTreeStatus('tree_status');eccube.fileManager.toggleTreeMenu('tree'+cnt, 'rank_img'+cnt, arrTree[cnt][2]);eccube.fileManager.doubleClick(arrTree, '<!--{$tpl_parent_dir|h}-->', true, '<!--{$tpl_now_dir|h}-->', true)" style="">
<tr id="parent_dir">
<td>
<img src="<!--{$TPL_URLPATH}-->img/contents/folder_parent.gif" alt="フォルダ">&nbsp;..
</td>
Expand All @@ -98,7 +145,7 @@
<!--{section name=cnt loop=$arrFileList}-->
<!--{assign var="id" value="select_file`$smarty.section.cnt.index`"}-->
<tr id="<!--{$id}-->" style="">
<td class="file-name" onDblClick="eccube.fileManager.setTreeStatus('tree_status');eccube.fileManager.doubleClick(arrTree, '<!--{$arrFileList[cnt].file_path|h}-->', <!--{if $arrFileList[cnt].is_dir|h}-->true<!--{else}-->false<!--{/if}-->, '<!--{$tpl_now_dir|h}-->', false)">
<td class="file-name">
<!--{if $arrFileList[cnt].is_dir}-->
<img src="<!--{$TPL_URLPATH}-->img/contents/folder_close.gif" alt="フォルダ" />
<!--{else}-->
Expand All @@ -114,23 +161,23 @@
</td>
<!--{if $arrFileList[cnt].is_dir}-->
<td class="center">
<a href="javascript:;" onclick="eccube.setValue('tree_select_file', '<!--{$arrFileList[cnt].file_path|h}-->', 'form1'); eccube.fileManager.selectFile('<!--{$id|h}-->', '#808080');eccube.setModeAndSubmit('move','',''); return false;">表示</a>
<a href="javascript:;" class="cd" data-filepath="<!--{$arrFileList[cnt].file_path|h}-->" data-id="<!--{$id|h}-->">表示</a>
</td>
<!--{else}-->
<td class="center">
<a href="javascript:;" onclick="eccube.setValue('select_file', '<!--{$arrFileList[cnt].file_path|h}-->', 'form1');eccube.fileManager.selectFile('<!--{$id}-->', '#808080');eccube.setModeAndSubmit('view','',''); return false;">表示</a>
<a href="javascript:;" class="view" data-filepath="<!--{$arrFileList[cnt].file_path|h}-->" data-id="<!--{$id|h}-->">表示</a>
</td>
<!--{/if}-->
<!--{if $arrFileList[cnt].is_dir}-->
<!--{* ディレクトリはダウンロード不可 *}-->
<td class="center">-</td>
<!--{else}-->
<td class="center">
<a href="javascript:;" onclick="eccube.setValue('select_file', '<!--{$arrFileList[cnt].file_path|h}-->', 'form1');eccube.fileManager.selectFile('<!--{$id}-->', '#808080');eccube.fileManager.setTreeStatus('tree_status');eccube.setModeAndSubmit('download','',''); return false;">ダウンロード</a>
<a href="javascript:;" class="download" data-filepath="<!--{$arrFileList[cnt].file_path|h}-->" data-id="<!--{$id|h}-->">ダウンロード</a>
</td>
<!--{/if}-->
<td class="center">
<a href="javascript:;" onclick="eccube.setValue('select_file', '<!--{$arrFileList[cnt].file_path|h}-->', 'form1');eccube.fileManager.selectFile('<!--{$id}-->', '#808080');eccube.fileManager.setTreeStatus('tree_status');eccube.setModeAndSubmit('delete','',''); return false;">削除</a>
<a href="javascript:;" class="delete" data-filepath="<!--{$arrFileList[cnt].file_path|h}-->" data-id="<!--{$id|h}-->">削除</a>
</td>
</tr>
<!--{/section}-->
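Review bot: In the `a.view` handler the path is concatenated into the query string unencoded, `'./file_view.php?file='+ filepath`, so a file name containing `&`, `#`, `%` or `+` would reach file_view.php as a different `file` value than the one selected; use `'./file_view.php?file=' + encodeURIComponent(filepath)`. The USER_DIR regex applied just before it is unanchored, so it strips the first match anywhere in the path rather than only the leading prefix; starting the pattern with `^` would limit it, assuming file_path always begins with USER_DIR. Reading the value with `.attr('data-filepath')` instead of `.data('filepath')` would also avoid jQuery's automatic type conversion of attribute values. No replacement for the removed `#parent_dir` click and `td.file-name` double-click handlers is visible in these hunks, so confirm that navigation is still bound somewhere.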
2 changes: 1 addition & 1 deletion data/class/SC_Initial.php
Expand Up @@ -35,7 +35,7 @@ class SC_Initial
public function __construct()
{
/** EC-CUBEのバージョン */
define('ECCUBE_VERSION', '2.17.2');
define('ECCUBE_VERSION', '2.17.2-p2');
}

/**
Expand Up @@ -99,24 +99,6 @@ public function action()
}
break;

// ファイル表示
case 'view':
$objFormParam = new SC_FormParam_Ex();
$this->lfInitParamModeView($objFormParam);
$objFormParam->setParam($this->createSetParam($_POST));
$objFormParam->convParam();

$this->arrErr = $objFormParam->checkError();
if (SC_Utils_Ex::isBlank($this->arrErr)) {
if ($this->tryView($objFormParam)) {
$pattern = '/' . preg_quote($objFormParam->getValue('top_dir'), '/') . '/';
$file_url = htmlspecialchars(preg_replace($pattern, '', $objFormParam->getValue('select_file')));
$tpl_onload = "eccube.openWindow('./file_view.php?file=". $file_url ."', 'user_data', '600', '400');";
$this->setTplOnLoad($tpl_onload);
}
}
break;

// ファイルダウンロード
case 'download':
$objFormParam = new SC_FormParam_Ex();
36 changes: 30 additions & 6 deletions data/smarty_extends/modifier.script_escape.php
Expand Up @@ -9,12 +9,36 @@ function smarty_modifier_script_escape($value)
{
if (is_array($value)) return $value;

$pattern = "/<script.*?>|<\/script>|javascript:|<svg.*(onload|onerror).*?>|<img.*(onload|onerror).*?>|<body.*onload.*?>|<iframe.*?>|<object.*?>|<embed.*?>|<.*onmouse.*?>|(\"|').*(onmouse|onerror|onload|onclick).*=.*(\"|').*/i";
$pattern = "<script.*?>|<\/script>|javascript:|<svg.*(onload|onerror).*?>|<img.*(onload|onerror).*?>|<body.*onload.*?>|<iframe.*?>|<object.*?>|<embed.*?>|";

// 追加でサニタイズするイベント一覧
$escapeEvents = array(
'onmouse',
'onclick',
'onblur',
'onfocus',
'onresize',
'onscroll',
'ondblclick',
'onchange',
'onselect',
'onsubmit',
'onkey',
);

// イベント毎の正規表現を生成
$generateHtmlTagPatterns = array_map(function($str) {
return "<(\w+)([^>]*\s)?\/?".$str."[^>]*>";
}, $escapeEvents);
$pattern .= implode("|", $generateHtmlTagPatterns)."|";
$pattern .= "(\"|').*(onerror|onload|".implode("|", $escapeEvents).").*=.*(\"|').*";

// 正規表現をまとめる
$attributesPattern = "/${pattern}/i";

// 置き換える文字列
$convert = '#script tag escaped#';

if (preg_match_all($pattern, $value, $matches)) {
return preg_replace($pattern, $convert, $value);
} else {
return $value;
}
// マッチしたら文字列を置き換える
return preg_replace($attributesPattern, $convert, $value);
}
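Review bot: `"/${pattern}/i"` uses the `${var}` interpolation form, which PHP 8.2 deprecates, so this modifier would raise a deprecation notice on the image this merge adds; `$attributesPattern = '/' . $pattern . '/i';` avoids it. The filter also remains a denylist: handler attributes not named in `$escapeEvents` are not covered by the generated tag patterns, so it should be treated as defence in depth, with context-appropriate output escaping kept as the primary control. `preg_replace()` returns null on a PCRE error and that null is now returned unchanged, whereas the removed `preg_match_all` guard fell through to `return $value`. If the silent empty output is intended, a comment saying so would help. smarty_modifier_script_escape starts above the hunk.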
28 changes: 14 additions & 14 deletions package.json
Expand Up @@ -7,35 +7,35 @@
"license": "GPL",
"dependencies": {
"@babel/polyfill": "^7.12.1",
"css-loader": "^6.7.1",
"css-loader": "^6.7.3",
"date-fns": "^2.29.3",
"jquery": "3",
"jquery-colorbox": "^1.6.4",
"jquery-easing": "^0.0.1",
"jquery-migrate": "^3.4.0",
"jquery-migrate": "^3.4.1",
"slick-carousel": "^1.8.1",
"style-loader": "^3.3.0",
"style-loader": "^3.3.2",
"url-loader": "^4.1.1",
"webpack": "^5.73.0"
"webpack": "^5.76.0"
},
"devDependencies": {
"@babel/core": "^7.20.2",
"@babel/preset-env": "^7.19.4",
"@babel/core": "^7.21.3",
"@babel/preset-env": "^7.20.2",
"@faker-js/faker": "^7.6.0",
"@playwright/test": "^1.27.1",
"@playwright/test": "^1.29.2",
"@types/date-fns": "^2.6.0",
"@types/faker": "^6.6.9",
"@types/tar": "^6.1.3",
"@typescript-eslint/eslint-plugin": "^5.13.0",
"@typescript-eslint/parser": "^5.42.1",
"@types/tar": "^6.1.4",
"@typescript-eslint/eslint-plugin": "^5.48.0",
"@typescript-eslint/parser": "^5.55.0",
"babel-eslint": "^10.0.3",
"babel-loader": "^8.2.5",
"browser-sync-webpack-plugin": "^2.3.0",
"eslint": "^8.25.0",
"eslint": "^8.36.0",
"eslint-config-jquery": "^3.0.0",
"eslint-plugin-import": "^2.26.0",
"tar": "^6.1.11",
"typescript": "^4.8.4",
"eslint-plugin-import": "^2.27.5",
"tar": "^6.1.13",
"typescript": "^5.0.2",
"webpack-cli": "^4.10.0",
"zaproxy": "^1.0.1"
},