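/**
 * Applies the submitted shop filters and sends the visitor back to the
 * page they came from.
 *
 * The target comes from the `goto` request parameter, falling back to the
 * Referer header; both are client-controlled. Before it reaches
 * setRedirectUrl() the target is required to stay on this host, otherwise
 * this action would act as an open redirect to an arbitrary site.
 *
 * @throws ShopException when no target is available or it points off-site
 */
public function procShopFilter()
{
    // isset() guard: the Referer header is optional, so reading it blindly
    // raises an undefined-index warning on requests without one.
    $goto = Context::get('goto') ?: (isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '');
    if (!$goto) {
        throw new ShopException('Nowhere to go back to');
    }
    if (!$this->isRedirectTargetOnThisHost($goto)) {
        throw new ShopException('Redirect target must stay on this site');
    }
    if (isset($_GET['filter']) && is_array($filters = $_GET['filter'])) {
        // Context::get doesn't seem to work for arrays (such as filter), so
        // the raw request array is read here and redirectUrl() performs the
        // strict input checks needed to avoid injections.
        $goto = FrontFilters::redirectUrl($goto, $filters);
    }
    $this->setRedirectUrl($goto);
}

/**
 * Tells whether $url may be used as a redirect target: a relative URL, or
 * an absolute http(s) URL whose host equals the Host header of the current
 * request. Other hosts, other schemes and unparseable input are rejected.
 *
 * @param mixed $url value taken from the request; anything but a string is rejected
 * @return bool
 */
private function isRedirectTargetOnThisHost($url)
{
    if (!is_string($url) || $url === '') {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false) {
        return false;
    }
    if (!isset($parts['scheme']) && !isset($parts['host'])) {
        // Path- or query-only target: the browser resolves it against this site.
        return true;
    }
    // Scheme-relative ("//host/...") and non-http schemes are not accepted.
    if (!isset($parts['scheme'], $parts['host'])
        || !in_array(strtolower($parts['scheme']), array('http', 'https'), true)
    ) {
        return false;
    }
    // Normalise the Host header through parse_url() so an optional :port is
    // dropped and IPv6 literals keep their brackets, matching $parts['host'].
    $hostHeader = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    $requestHost = parse_url('//' . $hostHeader, PHP_URL_HOST);
    return is_string($requestHost) && $requestHost !== ''
        && strcasecmp($requestHost, $parts['host']) === 0;
}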
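/**
 * Builds the URL to send the visitor back to after a filter submission.
 *
 * The recognised filters are re-encoded as query parameters on
 * $originalUrl, with act forced to dispShop. Only known keys with
 * validated values reach the URL, and attribute-filter parameters that were
 * present in the original URL but are not submitted this time are removed,
 * so a cleared filter really disappears from the resulting URL.
 *
 * @param string $originalUrl URL to go back to; may already carry a query string
 * @param array  $filters     raw filter input (e.g. $_GET['filter']); untrusted
 * @return string
 */
public static function redirectUrl($originalUrl, array $filters)
{
    $params = array();

    if (isset($filters['price']) && is_array($price = $filters['price'])) {
        $minPriceKey = self::FROM_PRICE_MIN;
        if (isset($price[$minPriceKey]) && is_numeric($price[$minPriceKey])) {
            // A minimum of 0 or less is stored as null, which http_build_query() leaves out.
            $params[self::TO_PRICE_MIN] = $price[$minPriceKey] > 0 ? $price[$minPriceKey] : null;
        }
        $maxPriceKey = self::FROM_PRICE_MAX;
        if (isset($price[$maxPriceKey]) && is_numeric($price[$maxPriceKey]) && $price[$maxPriceKey] > 0) {
            //TODO: set to null if max price
            $params[self::TO_PRICE_MAX] = $price[$maxPriceKey];
        }
    }

    if (isset($filters['attributes']) && is_array($attributes = $filters['attributes'])) {
        // The keys are meant to be attribute srls; keep only all-digit keys
        // before they are handed to the repository lookup.
        $srls = array();
        foreach (array_keys($attributes) as $srl) {
            if (ctype_digit((string) $srl)) {
                $srls[] = $srl;
            }
        }
        $objects = array();
        if ($srls) {
            $aRepo = new AttributeRepository();
            foreach ($aRepo->get($srls, 'getAttributesBySrls') as $o) {
                $objects[$o->attribute_srl] = $o;
            }
        }

        foreach ($attributes as $srl => $filterValue) {
            // Unknown srls and empty values contribute nothing.
            if (!array_key_exists($srl, $objects) || !$filterValue) {
                continue;
            }
            /** @var $attribute Attribute */
            $attribute = $objects[$srl];
            if ($attribute->isNumeric()) {
                if (is_array($filterValue)) {
                    $min = isset($filterValue['min']) ? $filterValue['min'] : null;
                    // is_string() first: ctype_digit() is only defined for strings,
                    // and request data may carry a nested array here.
                    if (is_string($min) && ctype_digit($min) && $min) {
                        $key = str_replace('SRL', $srl, self::TO_ATTRIBUTE_NUMERIC_MIN);
                        // A bound equal to the attribute's own minimum is not encoded.
                        if ($min != $attribute->getMinValue()) {
                            $params[$key] = $min;
                        }
                    }
                    $max = isset($filterValue['max']) ? $filterValue['max'] : null;
                    if (is_string($max) && ctype_digit($max) && $max) {
                        $key = str_replace('SRL', $srl, self::TO_ATTRIBUTE_NUMERIC_MAX);
                        // A bound equal to the attribute's own maximum is not encoded.
                        if ($max != $attribute->getMaxValue()) {
                            $params[$key] = $max;
                        }
                    }
                }
            } elseif ($attribute->isSelect()) {
                $key = str_replace('SRL', $srl, self::TO_ATTRIBUTE_SELECT);
                $params[$key] = $filterValue;
            } elseif ($attribute->isMultipleSelect()) {
                // implode() requires an array; a scalar here is malformed input
                // and would be a TypeError on PHP 8, so it is ignored instead.
                if (is_array($filterValue)) {
                    $key = str_replace('SRL', $srl, self::TO_ATTRIBUTE_SELECT_MULTIPLE);
                    $params[$key] = implode(self::SEPARATOR_MULTIPLE, $filterValue);
                }
            }
        }
    }

    //force it go to dispShop
    $params = array_merge(array('act' => 'dispShop'), $params);

    //unset empty filters meant to be removed
    $originalQuery = parse_url($originalUrl, PHP_URL_QUERY);
    // parse_url() yields null (no query) or false (unparseable URL);
    // parse_str() needs a string, so cast rather than pass those through.
    parse_str((string) $originalQuery, $originalQueryParts);
    $newQueryParts = array_merge($originalQueryParts, $params);

    // Build the attribute-parameter matchers once. The template is quoted so
    // that only the SRL placeholder acts as a pattern, whatever characters
    // the constants contain.
    $templates = array(
        self::TO_ATTRIBUTE_NUMERIC_MIN,
        self::TO_ATTRIBUTE_NUMERIC_MAX,
        self::TO_ATTRIBUTE_SELECT,
        self::TO_ATTRIBUTE_SELECT_MULTIPLE,
    );
    $patterns = array();
    foreach ($templates as $template) {
        $patterns[] = '/' . str_replace('SRL', '(\d+)', preg_quote($template, '/')) . '/i';
    }
    foreach ($newQueryParts as $k => $p) {
        if (isset($params[$k])) {
            continue;
        }
        foreach ($patterns as $pattern) {
            if (preg_match($pattern, (string) $k)) {
                unset($newQueryParts[$k]);
                break;
            }
        }
    }
    $newQuery = http_build_query($newQueryParts);

    return $originalQuery
        ? str_replace("?{$originalQuery}", "?{$newQuery}", $originalUrl)
        : FrontFilters::http_build_url($originalUrl, array('query' => http_build_query($params)), HTTP_URL_JOIN_QUERY);
}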
/**
 * Product search page.
 *
 * Reads the `q` request parameter and passes it as sku, title and
 * description to ProductRepository::getProductList() for the current
 * module (after FrontFilters::work() has prepared the arguments), then
 * publishes the products, paging info and search term to the template
 * context and renders product_search.html.
 */
public function dispShopSearch()
{
    $repository = new ProductRepository();
    $pageNumber = Context::get('page');
    $term = Context::get('q');

    $searchArgs = new stdClass();
    $searchArgs->module_srl = $this->module_srl;
    FrontFilters::work($searchArgs);
    $searchArgs->sku = $term;
    $searchArgs->title = $term;
    $searchArgs->description = $term;
    $searchArgs->page = $pageNumber;

    // Optional category restriction; only applied when a value was sent.
    $categorySrl = Context::get('search_category_srl');
    if ($categorySrl) {
        $searchArgs->category_srls = array($categorySrl);
    }

    $result = $repository->getProductList($searchArgs);
    Context::set('products', $result->products);
    Context::set('page_navigation', $result->page_navigation);
    Context::set('search_value', $term);

    $this->loadShopCategoryTree();
    $this->setTemplateFile("product_search.html");
}