Merge branch 'master' into dependabot/composer/nanasess/mdb2-2.5.1

EC-CUBE · Oct 17, 2024 · fbfcbe9 · fbfcbe9
2 parents d0bc77e + cdefe2a
commit fbfcbe9
Show file tree

Hide file tree

Showing 7 changed files with 93 additions and 91 deletions.
diff --git a/.github/workflows/dockerbuild-and-push.yml b/.github/workflows/dockerbuild-and-push.yml
@@ -95,7 +95,7 @@ jobs:
         run: |
           sudo chown -R 1001:1000 zap
           sudo chmod -R g+w zap
-          docker-compose up -d
+          docker compose up -d
 
       - run: sleep 1
       - run: |

diff --git a/.github/workflows/penetration-tests.yml b/.github/workflows/penetration-tests.yml
@@ -47,12 +47,12 @@ jobs:
       run: |
         sudo chown -R 1001:1000 zap
         sudo chmod -R g+w zap
-        docker-compose up -d
-        docker-compose exec -T ec-cube composer install
-        docker-compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" -W
-        docker-compose exec -T ec-cube composer update 'symfony/*' -W
-        docker-compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
-        docker-compose exec -T postgres psql --user=eccube_db_user eccube_db -c "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0);"
+        docker compose up -d
+        docker compose exec -T ec-cube composer install
+        docker compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" -W
+        docker compose exec -T ec-cube composer update 'symfony/*' -W
+        docker compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
+        docker compose exec -T postgres psql --user=eccube_db_user eccube_db -c "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0);"
 
     - run: sleep 1
     - run: |

diff --git a/data/class/helper/SC_Helper_Purchase.php b/data/class/helper/SC_Helper_Purchase.php
@@ -403,6 +403,9 @@ public function setShipmentItemTemp($shipping_id, $product_class_id, $quantity)
 
         if (empty($arrItems['productsClass'])) {
             $product = &$objProduct->getDetailAndProductsClass($product_class_id);
+            // セッション変数のデータ量を抑制するため、一部の商品情報を切り捨てる
+            $objCartSession = new SC_CartSession_Ex();
+            $objCartSession->adjustSessionProductsClass($product);
             $arrItems['productsClass'] = $product;
         }
         $arrItems['price'] = $arrItems['productsClass']['price02'];

diff --git a/package.json b/package.json
@@ -17,13 +17,13 @@
     "slick-carousel": "^1.8.1",
     "style-loader": "^3.3.4",
     "url-loader": "^4.1.1",
-    "webpack": "^5.93.0"
+    "webpack": "^5.95.0"
   },
   "devDependencies": {
     "@babel/core": "^7.25.2",
     "@babel/preset-env": "^7.25.3",
     "@faker-js/faker": "^8.4.1",
-    "@playwright/test": "^1.45.3",
+    "@playwright/test": "^1.48.0",
     "@types/date-fns": "^2.6.0",
     "@types/faker": "^6.6.9",
     "@types/tar": "^6.1.11",
@@ -36,7 +36,7 @@
     "eslint-config-jquery": "^3.0.2",
     "eslint-plugin-import": "^2.29.1",
     "tar": "^7.4.3",
-    "typescript": "^5.5.4",
+    "typescript": "^5.6.3",
     "webpack-cli": "^4.10.0",
     "zaproxy": "^1.0.1"
   },

diff --git a/tests/class/helper/SC_Helper_Purchase/SC_Helper_Purchase_setShipmentItemTempTest.php b/tests/class/helper/SC_Helper_Purchase/SC_Helper_Purchase_setShipmentItemTempTest.php
@@ -49,8 +49,8 @@ protected function setUp(): void
         $this->productsClass = $this->objQuery->getRow('*', 'dtb_products_class', 'product_id = ?', [$this->product_id]);
 
         $_SESSION['shipping']['1001']['shipment_item'] = [
-      '1001' => ['productsClass' => ['price02' => 9000]],
-    ];
+            '1001' => ['productsClass' => ['price02' => 9000]],
+        ];
         $this->helper = new SC_Helper_Purchase_Ex();
     }
 
@@ -65,36 +65,52 @@ public function testSetShipmentItemTemp製品情報が既に存在する場合
         $this->helper->setShipmentItemTemp('1001', '1001', 10);
 
         $this->expected = [
-      'shipping_id' => '1001',
-      'product_class_id' => '1001',
-      'quantity' => 10,
-      'price' => 9000,
-      'total_inctax' => SC_Helper_TaxRule_Ex::sfCalcIncTax(90000),
-      'productsClass' => ['price02' => 9000],
-    ];
+            'shipping_id' => '1001',
+            'product_class_id' => '1001',
+            'quantity' => 10,
+            'price' => 9000,
+            'total_inctax' => SC_Helper_TaxRule_Ex::sfCalcIncTax(90000),
+            'productsClass' => ['price02' => 9000],
+        ];
         $this->actual = $_SESSION['shipping']['1001']['shipment_item']['1001'];
 
         $this->verify();
     }
 
-    public function testSetShipmentItemTemp製品情報が存在しない場合DBから取得した値が反映される()
+    public function testSetShipmentItemTemp製品情報が存在しない場合DBから取得した値が反映され不要な情報は削除される()
     {
         $quantity = 10;
         $this->helper->setShipmentItemTemp('1001', $this->productsClass['product_class_id'], $quantity);
 
+        $objProduct = new SC_Product_Ex();
+        $arrProduct = $objProduct->getDetailAndProductsClass($this->productsClass['product_class_id']);
         $this->expected = [
-      'shipping_id' => '1001',
-      'product_class_id' => $this->productsClass['product_class_id'],
-      'quantity' => $quantity,
-      'price' => $this->productsClass['price02'],
-      'total_inctax' => SC_Helper_TaxRule_Ex::sfCalcIncTax($this->productsClass['price02']) * $quantity,
-    ];
+            'shipping_id' => '1001',
+            'product_class_id' => $this->productsClass['product_class_id'],
+            'quantity' => $quantity,
+            'price' => $this->productsClass['price02'],
+            'total_inctax' => SC_Helper_TaxRule_Ex::sfCalcIncTax($this->productsClass['price02']) * $quantity,
+            'productsClass' => [
+                'product_id' => $arrProduct['product_id'],
+                'product_class_id' => $arrProduct['product_class_id'],
+                'name' => $arrProduct['name'],
+                'price02' => $arrProduct['price02'],
+                'point_rate' => $arrProduct['point_rate'],
+                'main_list_image' => $arrProduct['main_list_image'],
+                'main_image' => $arrProduct['main_image'],
+                'product_code' => $arrProduct['product_code'],
+                'stock' => $arrProduct['stock'],
+                'stock_unlimited' => $arrProduct['stock_unlimited'],
+                'sale_limit' => $arrProduct['sale_limit'],
+                'class_name1' => $arrProduct['class_name1'],
+                'classcategory_name1' => $arrProduct['classcategory_name1'],
+                'class_name2' => $arrProduct['class_name2'],
+                'classcategory_name2' => $arrProduct['classcategory_name2'],
+            ],
+        ];
         $result = $_SESSION['shipping']['1001']['shipment_item'][$this->productsClass['product_class_id']];
-        unset($result['productsClass']);
         $this->actual = $result;
-
         $this->verify();
     }
-
     // ////////////////////////////////////////
 }
diff --git a/yarn.lock b/yarn.lock
@@ -1230,12 +1230,12 @@
   resolved "https://registry.yarnpkg.com/@pkgjs/parseargs/-/parseargs-0.11.0.tgz#a77ea742fab25775145434eb1d2328cf5013ac33"
   integrity sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==
 
-"@playwright/test@^1.45.3":
-  version "1.45.3"
-  resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.45.3.tgz#22e9c38b3081d6674b28c6e22f784087776c72e5"
-  integrity sha512-UKF4XsBfy+u3MFWEH44hva1Q8Da28G6RFtR2+5saw+jgAFQV5yYnB1fu68Mz7fO+5GJF3wgwAIs0UelU8TxFrA==
+"@playwright/test@^1.48.0":
+  version "1.48.0"
+  resolved "https://registry.yarnpkg.com/@playwright/test/-/test-1.48.0.tgz#4b81434a3ca75e2a6f82a645287784223a45434c"
+  integrity sha512-W5lhqPUVPqhtc/ySvZI5Q8X2ztBOUgZ8LbAFy0JQgrXZs2xaILrUcNO3rQjwbLPfGK13+rZsDa1FpG+tqYkT5w==
   dependencies:
-    playwright "1.45.3"
+    playwright "1.48.0"
 
 "@types/date-fns@^2.6.0":
   version "2.6.0"
@@ -1244,23 +1244,7 @@
   dependencies:
     date-fns "*"
 
-"@types/eslint-scope@^3.7.3":
-  version "3.7.3"
-  resolved "https://registry.yarnpkg.com/@types/eslint-scope/-/eslint-scope-3.7.3.tgz#125b88504b61e3c8bc6f870882003253005c3224"
-  integrity sha512-PB3ldyrcnAicT35TWPs5IcwKD8S333HMaa2VVv4+wdvebJkjWuW/xESoB8IwRcog8HYVYamb1g/R31Qv5Bx03g==
-  dependencies:
-    "@types/eslint" "*"
-    "@types/estree" "*"
-
-"@types/eslint@*":
-  version "8.4.1"
-  resolved "https://registry.yarnpkg.com/@types/eslint/-/eslint-8.4.1.tgz#c48251553e8759db9e656de3efc846954ac32304"
-  integrity sha512-GE44+DNEyxxh2Kc6ro/VkIj+9ma0pO0bwv9+uHSyBrikYOHr8zYcdPvnBOp1aw8s+CjRvuSx7CyWqRrNFQ59mA==
-  dependencies:
-    "@types/estree" "*"
-    "@types/json-schema" "*"
-
-"@types/estree@*", "@types/estree@^1.0.5":
+"@types/estree@^1.0.5":
   version "1.0.5"
   resolved "https://registry.yarnpkg.com/@types/estree/-/estree-1.0.5.tgz#a6ce3e556e00fd9895dd872dd172ad0d4bd687f4"
   integrity sha512-/kYRxGDLWzHOB7q+wtSUQlFrtcdUccpfy+X+9iMBpHK8QLLhx2wIPYuS5DYtR9Wa/YlZAbIovy7qVdB1Aq6Lyw==
@@ -1272,7 +1256,7 @@
   dependencies:
     faker "*"
 
-"@types/json-schema@*", "@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9":
+"@types/json-schema@^7.0.8", "@types/json-schema@^7.0.9":
   version "7.0.9"
   resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.9.tgz#97edc9037ea0c38585320b28964dde3b39e4660d"
   integrity sha512-qcUXuemtEu+E5wZSJHNxUXeCZhAfXKQ41D+duX+VYPde7xyEVZci+/oXKJL13tnRs9lR2pr4fod59GT6/X1/yQ==
@@ -2145,10 +2129,10 @@ emojis-list@^3.0.0:
   resolved "https://registry.yarnpkg.com/emojis-list/-/emojis-list-3.0.0.tgz#5570662046ad29e2e916e71aae260abdff4f6a78"
   integrity sha512-/kyM18EfinwXZbno9FyUGeFh87KC8HRQBQGildHZbEuRyWFOmv1U10o9BBp8XVZDVNNuQKyIGIu5ZYAAXJ0V2Q==
 
-enhanced-resolve@^5.17.0:
-  version "5.17.0"
-  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.0.tgz#d037603789dd9555b89aaec7eb78845c49089bc5"
-  integrity sha512-dwDPwZL0dmye8Txp2gzFmA6sxALaSvdRDjPH0viLcKrtlOL3tw62nWWweVD1SdILDTJrbrL6tdWVN58Wo6U3eA==
+enhanced-resolve@^5.17.1:
+  version "5.17.1"
+  resolved "https://registry.yarnpkg.com/enhanced-resolve/-/enhanced-resolve-5.17.1.tgz#67bfbbcc2f81d511be77d686a90267ef7f898a15"
+  integrity sha512-LMHl3dXhTcfv8gM4kEzIUeTQ+7fpdA0l2tUf34BddXPkz2A5xJ5L/Pchd5BL6rdccM9QGvu0sWZzK1Z1t4wwyg==
   dependencies:
     graceful-fs "^4.2.4"
     tapable "^2.2.0"
@@ -3597,17 +3581,17 @@ pkg-dir@^7.0.0:
   dependencies:
     find-up "^6.3.0"
 
-playwright-core@1.45.3:
-  version "1.45.3"
-  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.45.3.tgz#e77bc4c78a621b96c3e629027534ee1d25faac93"
-  integrity sha512-+ym0jNbcjikaOwwSZycFbwkWgfruWvYlJfThKYAlImbxUgdWFO2oW70ojPm4OpE4t6TAo2FY/smM+hpVTtkhDA==
+playwright-core@1.48.0:
+  version "1.48.0"
+  resolved "https://registry.yarnpkg.com/playwright-core/-/playwright-core-1.48.0.tgz#34d209dd4aba8fccd4a96116f1c4f7630f868722"
+  integrity sha512-RBvzjM9rdpP7UUFrQzRwR8L/xR4HyC1QXMzGYTbf1vjw25/ya9NRAVnXi/0fvFopjebvyPzsmoK58xxeEOaVvA==
 
-playwright@1.45.3:
-  version "1.45.3"
-  resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.45.3.tgz#75143f73093a6e1467f7097083d2f0846fb8dd2f"
-  integrity sha512-QhVaS+lpluxCaioejDZ95l4Y4jSFCsBvl2UZkpeXlzxmqS+aABr5c82YmfMHrL6x27nvrvykJAFpkzT2eWdJww==
+playwright@1.48.0:
+  version "1.48.0"
+  resolved "https://registry.yarnpkg.com/playwright/-/playwright-1.48.0.tgz#00855d9a25f1991d422867f1c32af5d90f457b48"
+  integrity sha512-qPqFaMEHuY/ug8o0uteYJSRfMGFikhUysk8ZvAtfKmUK3kc/6oNl/y3EczF8OFGYIi/Ex2HspMfzYArk6+XQSA==
   dependencies:
-    playwright-core "1.45.3"
+    playwright-core "1.48.0"
   optionalDependencies:
     fsevents "2.3.2"
 
@@ -4319,10 +4303,10 @@ typed-array-length@^1.0.4:
     for-each "^0.3.3"
     is-typed-array "^1.1.9"
 
-typescript@^5.5.4:
-  version "5.5.4"
-  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.5.4.tgz#d9852d6c82bad2d2eda4fd74a5762a8f5909e9ba"
-  integrity sha512-Mtq29sKDAEYP7aljRgtPOpTvOfbwRWlS6dPRzwjdE+C0R4brX/GUyhHSecbHMFLNBLcJIPt9nl9yG5TZ1weH+Q==
+typescript@^5.6.3:
+  version "5.6.3"
+  resolved "https://registry.yarnpkg.com/typescript/-/typescript-5.6.3.tgz#5f3449e31c9d94febb17de03cc081dd56d81db5b"
+  integrity sha512-hjcS1mhfuyi4WW8IWtjP7brDrG2cuDZukyrYrSauoXGNgx0S7zceP07adYkJycEr56BOUTNPzbInooiN3fn1qw==
 
 unbox-primitive@^1.0.2:
   version "1.0.2"
@@ -4444,12 +4428,11 @@ webpack-sources@^3.2.3:
   resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-3.2.3.tgz#2d4daab8451fd4b240cc27055ff6a0c2ccea0cde"
   integrity sha512-/DyMEOrDgLKKIG0fmvtz+4dUX/3Ghozwgm6iPp8KRhvn+eQf9+Q7GWxVNMk3+uCPWfdXYC4ExGBckIXdFEfH1w==
 
-webpack@^5.93.0:
-  version "5.93.0"
-  resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.93.0.tgz#2e89ec7035579bdfba9760d26c63ac5c3462a5e5"
-  integrity sha512-Y0m5oEY1LRuwly578VqluorkXbvXKh7U3rLoQCEO04M97ScRr44afGVkI0FQFsXzysk5OgFAxjZAb9rsGQVihA==
+webpack@^5.95.0:
+  version "5.95.0"
+  resolved "https://registry.yarnpkg.com/webpack/-/webpack-5.95.0.tgz#8fd8c454fa60dad186fbe36c400a55848307b4c0"
+  integrity sha512-2t3XstrKULz41MNMBF+cJ97TyHdyQ8HCt//pqErqDvNjU9YQBnZxIHa11VXsi7F3mb5/aO2tuDxdeTPdU7xu9Q==
   dependencies:
-    "@types/eslint-scope" "^3.7.3"
     "@types/estree" "^1.0.5"
     "@webassemblyjs/ast" "^1.12.1"
     "@webassemblyjs/wasm-edit" "^1.12.1"
@@ -4458,7 +4441,7 @@ webpack@^5.93.0:
     acorn-import-attributes "^1.9.5"
     browserslist "^4.21.10"
     chrome-trace-event "^1.0.2"
-    enhanced-resolve "^5.17.0"
+    enhanced-resolve "^5.17.1"
     es-module-lexer "^1.2.1"
     eslint-scope "5.1.1"
     events "^3.2.0"

diff --git a/zap/README.md b/zap/README.md
@@ -9,35 +9,35 @@
 
 **Attention!** 意図しない外部サイトへの攻撃を防ぐため、 OWASP ZAP は必ず **プロテクトモード** で使用してください
 
-1. docker-compose を使用して EC-CUBE をインストールします
+1. docker compose を使用して EC-CUBE をインストールします
     ```shell
     # MySQL を使用する例
     export COMPOSE_FILE=docker-compose.yml:docker-compose.mysql.yml:docker-compose.dev.yml:docker-compose.owaspzap.yml:docker-compose.owaspzap.daemon.yml
-    docker-compose up -d
+    docker compose up -d
     # PostgreSQL を使用する例
     export COMPOSE_FILE=docker-compose.yml:docker-compose.pgsql.yml:docker-compose.dev.yml:docker-compose.owaspzap.yml:docker-compose.owaspzap.daemon.yml
-    docker-compose up -d
+    docker compose up -d
 1. テスト用のデータを生成します    ```
     ```shell
     # MySQL を使用する例
     ## ec-cube2/cli をインストールしておく
-    docker-compose exec ec-cube composer install
-    docker-compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" --ignore-platform-req=php -W
-    docker-compose exec -T ec-cube composer update 'symfony/*' --ignore-platform-req=php -W
+    docker compose exec ec-cube composer install
+    docker compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" --ignore-platform-req=php -W
+    docker compose exec -T ec-cube composer update 'symfony/*' --ignore-platform-req=php -W
     ## ダミーデータを生成
-    docker-compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
+    docker compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
     ## メールアドレスを zap_user@example.com に変更
-    docker-compose exec mysql mysql --user=eccube_db_user --password=password eccube_db -e "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT customer_id FROM (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0) AS A);"
+    docker compose exec mysql mysql --user=eccube_db_user --password=password eccube_db -e "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT customer_id FROM (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0) AS A);"
 
     # PostgreSQL を使用する例
     ## ec-cube2/cli をインストールしておく
-    docker-compose exec ec-cube composer install
-    docker-compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" --ignore-platform-req=php -W
-    docker-compose exec -T ec-cube composer update 'symfony/*' --ignore-platform-req=php -W
+    docker compose exec ec-cube composer install
+    docker compose exec -T ec-cube composer require ec-cube2/cli "dev-master@dev" --ignore-platform-req=php -W
+    docker compose exec -T ec-cube composer update 'symfony/*' --ignore-platform-req=php -W
     ## ダミーデータを生成
-    docker-compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
+    docker compose exec -T ec-cube php data/vendor/bin/eccube eccube:fixtures:generate --products=5 --customers=1 --orders=5
     ## メールアドレスを zap_user@example.com に変更
-    docker-compose exec postgres psql --user=eccube_db_user eccube_db -c "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0);"
+    docker compose exec postgres psql --user=eccube_db_user eccube_db -c "UPDATE dtb_customer SET email = 'zap_user@example.com' WHERE customer_id = (SELECT MAX(customer_id) FROM dtb_customer WHERE status = 2 AND del_flg = 0);"
     ```
 1. OWASP ZAP を起動します。Firefox 以外のブラウザで `http://localhost:8081/zap/` へアクセスすると、OWASP ZAP の管理画面が表示されます
 1. Firefox を起動し、設定→ネットワーク設定→接続設定からプロキシーの設定をします
@@ -53,11 +53,11 @@
 1. コンテキストをインポートします。
     ```shell
     ## 管理画面用
-    docker-compose exec zap zap-cli -p 8090 context import /zap/wrk/admin.context
+    docker compose exec zap zap-cli -p 8090 context import /zap/wrk/admin.context
     ## フロント(ログイン用)
-    docker-compose exec zap zap-cli -p 8090 context import /zap/wrk/front_login.context
+    docker compose exec zap zap-cli -p 8090 context import /zap/wrk/front_login.context
     ## フロント(ゲスト用)
-    docker-compose exec zap zap-cli -p 8090 context import /zap/wrk/front_guest.context
+    docker compose exec zap zap-cli -p 8090 context import /zap/wrk/front_guest.context
     ```
    **Note:** *複数のコンテキストを同時にインポートすると、セッションが競合してログインできなくなる場合があるため注意*
    {: .notice--warning}