Merge remote-tracking branch 'upstream/4.3' into dependabot/composer/knplabs/knp-paginator-bundle-6.8.0

nanasess · nanasess · commit 10be8345655d · 2025-05-19T09:57:06.000+09:00
diff --git a/src/Eccube/Command/PluginGenerateCommand.php b/src/Eccube/Command/PluginGenerateCommand.php
@@ -118,6 +118,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
         $this->createTwigBlock($pluginDir, $code);
         $this->createConfigController($pluginDir, $code);
         $this->createGithubActions($pluginDir);
+        $this->createGitattributes($pluginDir);
 
         $this->io->success(sprintf('Plugin was successfully created: %s %s %s', $name, $code, $version));
 
@@ -209,19 +210,13 @@ protected function createGithubActions($pluginDir)
 jobs:
   deploy:
     name: Build
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Packaging
-        working-directory: ../
         run: |
-          rm -rf $GITHUB_WORKSPACE/.github
-          find $GITHUB_WORKSPACE -name "dummy" -delete
-          find $GITHUB_WORKSPACE -name ".git*" -and ! -name ".gitkeep" -print0 | xargs -0 rm -rf
-          chmod -R o+w $GITHUB_WORKSPACE
-          cd $GITHUB_WORKSPACE
-          tar cvzf ../${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz ./*
+          git archive HEAD --format=tar.gz > ../${{ github.event.repository.name }}-${{ github.event.release.tag_name }}.tar.gz
       - name: Upload binaries to release of TGZ
         uses: svenstaro/upload-release-action@v1-release
         with:
@@ -235,6 +230,18 @@ protected function createGithubActions($pluginDir)
         $this->fs->dumpFile($pluginDir.'/.github/workflows/release.yml', $source);
     }
 
+    protected function createGitattributes($pluginDir)
+    {
+        $source = <<<EOL
+/.gitattributes             export-ignore
+/.github                    export-ignore
+/.gitignore                 export-ignore
+/dummy                      export-ignore
+EOL;
+
+        $this->fs->dumpFile($pluginDir.'/.gitattributes', $source);
+    }
+
     /**
      * @param string $pluginDir
      */
diff --git a/src/Eccube/Controller/Admin/Product/CsvImportController.php b/src/Eccube/Controller/Admin/Product/CsvImportController.php
@@ -43,6 +43,7 @@
 use Eccube\Stream\Filter\SjisToUtf8EncodingFilter;
 use Eccube\Util\CacheUtil;
 use Eccube\Util\StringUtil;
+use HTMLPurifier;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Symfony\Component\Filesystem\Filesystem;
 use Symfony\Component\Finder\Finder;
@@ -127,6 +128,8 @@ class CsvImportController extends AbstractCsvImportController
 
     protected $currentLineNo = 1;
 
+    private HTMLPurifier $purifier;
+
     /**
      * CsvImportController constructor.
      *
@@ -142,7 +145,7 @@ class CsvImportController extends AbstractCsvImportController
      * @param TaxRuleRepository $taxRuleRepository
      * @param BaseInfoRepository $baseInfoRepository
      * @param ValidatorInterface $validator
-     *
+     * @param HTMLPurifier $purifier
      * @throws \Exception
      */
     public function __construct(
@@ -157,7 +160,8 @@ public function __construct(
         ProductRepository $productRepository,
         TaxRuleRepository $taxRuleRepository,
         BaseInfoRepository $baseInfoRepository,
-        ValidatorInterface $validator
+        ValidatorInterface $validator,
+        HTMLPurifier $purifier
     ) {
         $this->deliveryDurationRepository = $deliveryDurationRepository;
         $this->saleTypeRepository = $saleTypeRepository;
@@ -171,6 +175,7 @@ public function __construct(
         $this->taxRuleRepository = $taxRuleRepository;
         $this->BaseInfo = $baseInfoRepository->get();
         $this->validator = $validator;
+        $this->purifier = $purifier;
     }
 
     /**
@@ -319,7 +324,7 @@ public function csvProduct(Request $request, CacheUtil $cacheUtil)
 
                         if (isset($row[$headerByKey['description_list']])) {
                             if (StringUtil::isNotBlank($row[$headerByKey['description_list']])) {
-                                $Product->setDescriptionList(StringUtil::trimAll($row[$headerByKey['description_list']]));
+                                $Product->setDescriptionList($this->purifier->purify(StringUtil::trimAll($row[$headerByKey['description_list']])));
                             } else {
                                 $Product->setDescriptionList(null);
                             }
@@ -337,7 +342,7 @@ public function csvProduct(Request $request, CacheUtil $cacheUtil)
 
                                     return $this->renderWithError($form, $headers);
                                 } else {
-                                    $Product->setDescriptionDetail(StringUtil::trimAll($row[$headerByKey['description_detail']]));
+                                    $Product->setDescriptionDetail($this->purifier->purify(StringUtil::trimAll($row[$headerByKey['description_detail']])));
                                 }
                             } else {
                                 $Product->setDescriptionDetail(null);
@@ -354,7 +359,7 @@ public function csvProduct(Request $request, CacheUtil $cacheUtil)
 
                         if (isset($row[$headerByKey['free_area']])) {
                             if (StringUtil::isNotBlank($row[$headerByKey['free_area']])) {
-                                $Product->setFreeArea(StringUtil::trimAll($row[$headerByKey['free_area']]));
+                                $Product->setFreeArea($this->purifier->purify(StringUtil::trimAll($row[$headerByKey['free_area']])));
                             } else {
                                 $Product->setFreeArea(null);
                             }
@@ -796,7 +801,7 @@ public function csvCategory(Request $request, CacheUtil $cacheUtil)
                         $ParentCategory = null;
                         if (isset($row[$headerByKey['parent_category_id']]) && StringUtil::isNotBlank($row[$headerByKey['parent_category_id']])) {
                             if (!preg_match('/^\d+$/', $row[$headerByKey['parent_category_id']])) {
-                                $this->addErrors(($data->key() + 1).'行目の親カテゴリIDが存在しません。');
+                                $this->addErrors(($data->key() + 1).'行目の親カテゴリIDは数字で入力してください。');
 
                                 return $this->renderWithError($form, $headers);
                             }
diff --git a/src/Eccube/Resource/locale/messages.ja.yaml b/src/Eccube/Resource/locale/messages.ja.yaml
@@ -774,7 +774,7 @@ admin.product.category_csv.category_id_description: 新規登録の場合は空
 admin.product.category_csv.category_name_col: カテゴリ名
 admin.product.category_csv.category_name_description: ""
 admin.product.category_csv.parent_category_id_col: 親カテゴリID
-admin.product.category_csv.parent_category_id_description: ""
+admin.product.category_csv.parent_category_id_description: 登録済みのカテゴリIDを数字で指定してください
 admin.product.category_csv.delete_flag_col: カテゴリ削除フラグ
 admin.product.category_csv.delete_flag_description: 0:登録 1:削除を指定します。未指定の場合、0として扱います。
 
