

Merge pull request from GHSA-58w4-w77w-qv3w
Make sure ajax responses are sent with the application/json content type
PierreRambaud authored Nov 16, 2020
2 parents 944d14a + 9e01903 commit c56e3e9
Showing 8 changed files with 154 additions and 103 deletions.
12 changes: 9 additions & 3 deletions controllers/front/CommentGrade.php
Expand Up @@ -32,6 +32,8 @@ public function display()
$idProducts = Tools::getValue('id_products');
/** @var ProductCommentRepository $productCommentRepository */

header('Content-Type: application/json');

if (!is_array($idProducts)) {
return $this->ajaxRender(null);
}
Expand All @@ -51,8 +53,12 @@ public function display()
];
}

$this->ajaxRender(json_encode([
'products' => $resultFormated
]));
$this->ajaxRender(
json_encode(
[
'products' => $resultFormated
]
)
);
}
}
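Review bot: The non-array branch near the top of display() still calls `ajaxRender(null)`, which now goes out as an empty body under the `application/json` header set just above it; an empty body is not valid JSON, so a client that lets jQuery parse by Content-Type gets a parse error instead of a clean empty result. Return a well-formed document there, e.g. `return $this->ajaxRender(json_encode(['products' => []]));`. Since this fix rests on the browser honouring the declared type, consider emitting `header('X-Content-Type-Options: nosniff');` next to the new header so legacy sniffing cannot reinterpret a body containing user text as HTML. display() begins above the first hunk.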
7 changes: 6 additions & 1 deletion controllers/front/ListComments.php
Expand Up @@ -75,6 +75,11 @@ public function display()
$responseArray['comments'][] = $productComment;
}

$this->ajaxRender(json_encode($responseArray));
header('Content-Type: application/json');
$this->ajaxRender(
json_encode(
$responseArray
)
);
}
}
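Review bot: The new `header('Content-Type: application/json');` is placed immediately before the final ajaxRender call, unlike the other controllers in this commit, which set it as the first statement of display(); any early exit above this hunk (display() starts outside it) would still be sent without the JSON type, so move the call to the top of the method. The payload is filled from review records (`$responseArray['comments'][] = $productComment;`, presumably stored user content), and `json_encode` returns `false` on invalid UTF-8 in that content, which ajaxRender would then emit as an empty body; pass `JSON_INVALID_UTF8_SUBSTITUTE` (or `JSON_THROW_ON_ERROR` and map the exception to the usual `success => false` shape) so one malformed comment cannot blank the whole listing.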
77 changes: 51 additions & 26 deletions controllers/front/PostComment.php
Expand Up @@ -33,20 +33,25 @@ class ProductCommentsPostCommentModuleFrontController extends ModuleFrontControl
{
public function display()
{
header('Content-Type: application/json');
if (!(int) $this->context->cookie->id_customer && !Configuration::get('PRODUCT_COMMENTS_ALLOW_GUESTS')) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans(
'You need to be [1]logged in[/1] or [2]create an account[/2] to post your review.',
$this->ajaxRender(
json_encode(
[
'[1]' => '<a href="' . $this->context->link->getPageLink('my-account') . '">',
'[/1]' => '</a>',
'[2]' => '<a href="' . $this->context->link->getPageLink('authentication&create_account=1') . '">',
'[/2]' => '</a>',
],
'Modules.Productcomments.Shop'
),
]));
'success' => false,
'error' => $this->trans(
'You need to be [1]logged in[/1] or [2]create an account[/2] to post your review.',
[
'[1]' => '<a href="' . $this->context->link->getPageLink('my-account') . '">',
'[/1]' => '</a>',
'[2]' => '<a href="' . $this->context->link->getPageLink('authentication&create_account=1') . '">',
'[/2]' => '</a>',
],
'Modules.Productcomments.Shop'
),
]
)
);

return false;
}
Expand All @@ -59,12 +64,20 @@ public function display()

/** @var ProductCommentRepository $productCommentRepository */
$productCommentRepository = $this->context->controller->getContainer()->get('product_comment_repository');
$isPostAllowed = $productCommentRepository->isPostAllowed($id_product, (int) $this->context->cookie->id_customer, (int) $this->context->cookie->id_guest);
$isPostAllowed = $productCommentRepository->isPostAllowed(
$id_product,
(int) $this->context->cookie->id_customer,
(int) $this->context->cookie->id_guest
);
if (!$isPostAllowed) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('You are not allowed to post a review at the moment, please try again later.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('You are not allowed to post a review at the moment, please try again later.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}
Expand All @@ -87,21 +100,30 @@ public function display()
$this->addCommentGrades($productComment, $criterions);

//Validate comment
if (!empty($errors = $this->validateComment($productComment))) {
$this->ajaxRender(json_encode([
'success' => false,
'errors' => $errors,
]));
$errors = $this->validateComment($productComment);
if (!empty($errors)) {
$this->ajaxRender(
json_encode(
[
'success' => false,
'errors' => $errors,
]
)
);

return false;
}

$entityManager->flush();

$this->ajaxRender(json_encode([
'success' => true,
'product_comment' => $productComment->toArray(),
]));
$this->ajaxRender(
json_encode(
[
'success' => true,
'product_comment' => $productComment->toArray(),
]
)
);
}

/**
Expand All @@ -116,16 +138,19 @@ private function addCommentGrades(ProductComment $productComment, array $criteri
$entityManager = $this->container->get('doctrine.orm.entity_manager');
$criterionRepository = $entityManager->getRepository(ProductCommentCriterion::class);
$averageGrade = 0;

foreach ($criterions as $criterionId => $grade) {
$criterion = $criterionRepository->findOneById($criterionId);
$criterionGrade = new ProductCommentGrade(
$productComment,
$criterion,
$grade
);

$entityManager->persist($criterionGrade);
$averageGrade += $grade;
}

$averageGrade /= count($criterions);
$productComment->setGrade($averageGrade);
}
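Review bot: addCommentGrades (last hunk; its signature and opening brace sit above the hunk) persists a ProductCommentGrade for every `$criterionId => $grade` pair without checking that `findOneById` actually found a criterion, that `$grade` is numeric, or that `$criterions` is non-empty: a null criterion reaches `new ProductCommentGrade(..., null, ...)`, a non-numeric grade makes `$averageGrade += $grade` throw on PHP 8, and an empty array makes `$averageGrade /= count($criterions)` divide by zero, so a malformed request ends in a 500 rather than the `success => false` JSON every other failure path returns. `$criterions` is assembled above the earlier hunk and may already be validated there; if so, a one-line comment stating that invariant at the top of the loop is enough, otherwise guard inside the method. One possible shape:

```php
private function addCommentGrades(ProductComment $productComment, array $criterions)
{
    // … unchanged: entity manager / criterion repository lookup …
    $gradeSum = 0;
    $gradeCount = 0;
    foreach ($criterions as $criterionId => $grade) {
        $criterion = $criterionRepository->findOneById((int) $criterionId);
        // Criterion ids and grades come from the request: skip pairs that do not
        // resolve to a known criterion or carry a non-numeric grade.
        if (null === $criterion || !is_numeric($grade)) {
            continue;
        }
        $entityManager->persist(new ProductCommentGrade($productComment, $criterion, $grade));
        $gradeSum += $grade;
        ++$gradeCount;
    }
    // No valid grades: avoid the division by zero; the caller decides whether that is an error.
    $productComment->setGrade($gradeCount > 0 ? $gradeSum / $gradeCount : 0);
}
```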
51 changes: 35 additions & 16 deletions controllers/front/ReportComment.php
Expand Up @@ -31,12 +31,18 @@ class ProductCommentsReportCommentModuleFrontController extends ModuleFrontContr
{
public function display()
{
header('Content-Type: application/json');

$customerId = (int) $this->context->cookie->id_customer;
if (!$customerId) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('You need to be logged in to report a review.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('You need to be logged in to report a review.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}
Expand All @@ -49,10 +55,14 @@ public function display()

$productComment = $productCommentEntityRepository->findOneById($id_product_comment);
if (!$productComment) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('Cannot find the requested product review.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('Cannot find the requested product review.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}
Expand All @@ -63,11 +73,16 @@ public function display()
'comment' => $id_product_comment,
'customerId' => $customerId,
]);

if ($productCommentAbuse) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('You already reported this review as abusive.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('You already reported this review as abusive.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}
Expand All @@ -79,9 +94,13 @@ public function display()
$entityManager->persist($productCommentAbuse);
$entityManager->flush();

$this->ajaxRender(json_encode([
'success' => true,
'id_product_comment' => $id_product_comment,
]));
$this->ajaxRender(
json_encode(
[
'success' => true,
'id_product_comment' => $id_product_comment,
]
)
);
}
}
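Review bot: Nothing in display() ties the abuse report to an anti-CSRF token: the actor comes from the cookie (`$customerId = (int) $this->context->cookie->id_customer;`) and the only other input is `$id_product_comment`, read above the second hunk, so unless ModuleFrontController enforces a token for this route (not visible here) a cross-site POST can file a report on behalf of a logged-in customer. If the framework does not cover it, validate a token the page embeds in the request (for example against the front-office token, `Tools::getToken(false)`) before the repository lookup and refuse with the same `success => false` JSON shape used for the other early exits. The same consideration applies to PostComment and UpdateCommentUsefulness, which follow the identical pattern.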
69 changes: 45 additions & 24 deletions controllers/front/UpdateCommentUsefulness.php
Expand Up @@ -32,30 +32,40 @@ class ProductCommentsUpdateCommentUsefulnessModuleFrontController extends Module
{
public function display()
{
header('Content-Type: application/json');

if (!Configuration::get('PRODUCT_COMMENTS_USEFULNESS')) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('This feature is not enabled.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('This feature is not enabled.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}

$customerId = (int) $this->context->cookie->id_customer;
if (!$customerId) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans(
'You need to be [1]logged in[/1] or [2]create an account[/2] to give your appreciation of a review.',
$this->ajaxRender(
json_encode(
[
'[1]' => '<a href="' . $this->context->link->getPageLink('my-account') . '">',
'[/1]' => '</a>',
'[2]' => '<a href="' . $this->context->link->getPageLink('authentication&create_account=1') . '">',
'[/2]' => '</a>',
],
'Modules.Productcomments.Shop'
),
]));
'success' => false,
'error' => $this->trans(
'You need to be [1]logged in[/1] or [2]create an account[/2] to give your appreciation of a review.',
[
'[1]' => '<a href="' . $this->context->link->getPageLink('my-account') . '">',
'[/1]' => '</a>',
'[2]' => '<a href="' . $this->context->link->getPageLink('authentication&create_account=1') . '">',
'[/2]' => '</a>',
],
'Modules.Productcomments.Shop'
),
]
)
);

return false;
}
Expand All @@ -69,10 +79,14 @@ public function display()

$productComment = $productCommentEntityRepository->findOneById($id_product_comment);
if (!$productComment) {
$this->ajaxRender(json_encode([
'success' => false,
'error' => $this->trans('Cannot find the requested product review.', [], 'Modules.Productcomments.Shop'),
]));
$this->ajaxRender(
json_encode(
[
'success' => false,
'error' => $this->trans('Cannot find the requested product review.', [], 'Modules.Productcomments.Shop'),
]
)
);

return false;
}
Expand Down Expand Up @@ -100,9 +114,16 @@ public function display()
$productCommentRepository = $this->context->controller->getContainer()->get('product_comment_repository');
$commentUsefulness = $productCommentRepository->getProductCommentUsefulness($id_product_comment);

$this->ajaxRender(json_encode(array_merge([
'success' => true,
'id_product_comment' => $id_product_comment,
], $commentUsefulness)));
$this->ajaxRender(
json_encode(
array_merge(
[
'success' => true,
'id_product_comment' => $id_product_comment,
],
$commentUsefulness
)
)
);
}
}
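Review bot: The final response merges the repository data after the fixed keys (`array_merge(['success' => true, 'id_product_comment' => ...], $commentUsefulness)`), so a `success` or `id_product_comment` key in whatever getProductCommentUsefulness returns (not visible here) would silently override the status the client branches on. Put the fixed keys last: `array_merge($commentUsefulness, ['success' => true, 'id_product_comment' => $id_product_comment])`. The logged-out branch repeats the `[1]`/`[2]` anchor-markup array verbatim from PostComment; a shared private helper returning those replacements would keep the two login messages from drifting apart. display() starts above the first hunk, and the part that reads the `usefulness` parameter is collapsed between the hunks.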
18 changes: 3 additions & 15 deletions views/js/list-comments.js
Expand Up @@ -56,9 +56,7 @@ jQuery(document).ready(function () {
}

function paginateComments(page) {
$.get(commentsListUrl, {page: page}, function(result) {
const jsonResponse = JSON.parse(result);

$.get(commentsListUrl, {page: page}, function(jsonResponse) {
if (jsonResponse.comments && jsonResponse.comments.length > 0) {
populateComments(jsonResponse.comments);
if (jsonResponse.comments_nb > jsonResponse.comments_per_page) {
Expand Down Expand Up @@ -123,12 +121,7 @@ jQuery(document).ready(function () {
}

function updateCommentUsefulness($comment, commentId, usefulness) {
$.post(updateCommentUsefulnessUrl, {id_product_comment: commentId, usefulness: usefulness}, function(jsonResponse){
var jsonData = false;
try {
jsonData = JSON.parse(jsonResponse);
} catch (e) {
}
$.post(updateCommentUsefulnessUrl, {id_product_comment: commentId, usefulness: usefulness}, function(jsonData){
if (jsonData) {
if (jsonData.success) {
$('.useful-review-value', $comment).html(jsonData.usefulness);
Expand All @@ -151,12 +144,7 @@ jQuery(document).ready(function () {
if (!confirm) {
return;
}
$.post(reportCommentUrl, {id_product_comment: commentId}, function(jsonResponse){
var jsonData = false;
try {
jsonData = JSON.parse(jsonResponse);
} catch (e) {
}
$.post(reportCommentUrl, {id_product_comment: commentId}, function(jsonData){
if (jsonData) {
if (jsonData.success) {
reportCommentPostedModal.modal('show');
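Review bot: With the explicit `JSON.parse` and its try/catch removed, every `$.get`/`$.post` in these hunks relies on jQuery's Content-Type-driven "intelligent guess" to produce an object; if the server ever answers with a script content type that guess evaluates the body as JavaScript, and if it answers text/html the callback receives a string and `jsonResponse.comments` is simply undefined. Pin the type on the client as well, e.g. `$.get(commentsListUrl, {page: page}, function(jsonResponse) { … }, 'json');` and `'json'` as the fourth argument of both `$.post` calls, so parsing never depends on the header the server happens to send. In updateCommentUsefulness the count is written with `.html(jsonData.usefulness)`; `.text(jsonData.usefulness)` is the safer choice for a value that should only ever be a number. The enclosing `jQuery(document).ready` callback starts and ends outside these hunks.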
7 changes: 1 addition & 6 deletions views/js/post-comment.js
Expand Up @@ -84,12 +84,7 @@ jQuery(document).ready(function () {
if (!validateFormData(formData)) {
return;
}
$.post($(this).attr('action'), $(this).serialize(), function(jsonResponse) {
var jsonData = false;
try {
jsonData = JSON.parse(jsonResponse);
} catch (e) {
}
$.post($(this).attr('action'), $(this).serialize(), function(jsonData) {
if (jsonData) {
if (jsonData.success) {
clearPostCommentForm();
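Review bot: The submit handler's `$.post` wires only a success callback, and the old try/catch that tolerated a non-JSON body is gone, so a non-2xx answer or a non-JSON body (a PHP error page, a session-expired redirect) now reaches neither branch and the user gets no feedback; whatever submit-in-progress state the handler sets above this hunk (not visible here) is presumably never reset either. Chain a failure handler on the returned jqXHR and pass the dataType explicitly, e.g. `}, 'json').fail(function () { /* surface a generic error and re-enable the form */ });`, so the parse does not depend on the response header and failures are surfaced. The enclosing `jQuery(document).ready` callback starts and ends outside the hunk.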
