From 417c51f60d9cbb6f775afb752acf4814dc62e61d Mon Sep 17 00:00:00 2001
From: Terry <2358269014@qq.com>
Date: Mon, 11 Dec 2017 10:06:18 +0800
Subject: [PATCH] =?UTF-8?q?=E8=AE=A2=E5=8D=95=E5=A4=87=E6=B3=A8=E5=AE=8C?=
=?UTF-8?q?=E5=96=84?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../block/paypal/express/Placeorder.php | 22 ++++++++++++++++---
.../front/payment/paypal/express/review.php | 5 +++++
.../block/paypal/express/Placeorder.php | 22 ++++++++++++++++---
.../checkout/onepage/index/review_order.php | 8 +++----
.../html5/payment/paypal/express/review.php | 6 ++++-
.../paypal/express/review/review_order.php | 8 +++----
.../block/paypal/express/Placeorder.php | 21 +++++++++++++++---
7 files changed, 74 insertions(+), 18 deletions(-)
diff --git a/app/appfront/modules/Payment/block/paypal/express/Placeorder.php b/app/appfront/modules/Payment/block/paypal/express/Placeorder.php
index 4cebc4d9..42c19f24 100644
--- a/app/appfront/modules/Payment/block/paypal/express/Placeorder.php
+++ b/app/appfront/modules/Payment/block/paypal/express/Placeorder.php
@@ -31,7 +31,10 @@ class Placeorder
* 用户的支付方式.
*/
public $_payment_method;
-
+ /**
+ * 订单备注信息.
+ */
+ public $_order_remark;
public function getLastData()
{
$post = Yii::$app->request->post();
@@ -59,7 +62,7 @@ class Placeorder
// 将购物车数据,生成订单,生成订单后,不清空购物车,不扣除库存,在支付成功后在清空购物车。
$innerTransaction = Yii::$app->db->beginTransaction();
try {
- $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false,$token);
+ $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false, $token, $this->_order_remark);
if ($genarateStatus) {
$innerTransaction->commit();
} else {
@@ -223,7 +226,20 @@ class Placeorder
return false;
}
}
-
+ // 订单备注信息不能超过1500字符
+ $orderRemarkStrMaxLen = Yii::$service->order->orderRemarkStrMaxLen;
+ $order_remark = isset($post['order_remark']) ? $post['order_remark'] : '';
+ if ($order_remark && $orderRemarkStrMaxLen) {
+ $order_remark_strlen = strlen($order_remark);
+ if ($order_remark_strlen > $orderRemarkStrMaxLen) {
+ Yii::$service->helper->errors->add('order remark string length can not gt '.$orderRemarkStrMaxLen);
+
+ return false;
+ } else {
+ // 去掉xss攻击字符,关于防止xss攻击的yii文档参看:http://www.yiichina.com/doc/guide/2.0/security-best-practices#fang-zhi-xss-gong-ji
+ $this->_order_remark = $order_remark;
+ }
+ }
$this->_shipping_method = $shipping_method;
$this->_payment_method = $payment_method;
Yii::$service->payment->setPaymentMethod($this->_payment_method);
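Review bot: `strlen($order_remark)` in the new length check counts bytes, while the comment above the block and the error text speak of characters, so a 1500-character CJK remark (~4500 bytes) is rejected; use `mb_strlen($order_remark, 'UTF-8')`. The outer `if ($order_remark && $orderRemarkStrMaxLen)` also disables the cap entirely whenever `orderRemarkStrMaxLen` is unset or 0, leaving untrusted POST input stored unbounded, so consider a fixed fallback such as `$orderRemarkStrMaxLen = (int) Yii::$service->order->orderRemarkStrMaxLen ?: 1500;`. The comment before the assignment says XSS characters are removed, but `$this->_order_remark = $order_remark;` stores the raw POST value; either drop that comment and confirm the remark is HTML-encoded wherever it is rendered (the admin order view is not visible here), or sanitize at this point, e.g. `$this->_order_remark = \yii\helpers\HtmlPurifier::process($order_remark);`. Note too that a remark of exactly `'0'` is silently dropped by the truthiness test; `$order_remark !== ''` is the precise condition. The enclosing method starts before this hunk.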
diff --git a/app/appfront/theme/base/front/payment/paypal/express/review.php b/app/appfront/theme/base/front/payment/paypal/express/review.php
index 267f8f8b..83ef95f6 100644
--- a/app/appfront/theme/base/front/payment/paypal/express/review.php
+++ b/app/appfront/theme/base/front/payment/paypal/express/review.php
@@ -66,6 +66,11 @@
+
+
= Yii::$service->page->translate->__('Order Remark (optional)');?>
+
+
+
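Review bot: The server-side remark limit enforced in Placeorder is not surfaced to the customer in this form, so an over-long remark is only rejected after the PayPal round trip. The field's markup is not visible in this extract, but if it is a plain textarea, adding `maxlength="<?= (int) Yii::$service->order->orderRemarkStrMaxLen ?>"` mirrors the cap client-side while the server check stays authoritative. Keep the label escaped as the existing `translate->__()` call already is.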
diff --git a/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php b/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
index 907a832c..798b4be4 100644
--- a/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
+++ b/app/apphtml5/modules/Payment/block/paypal/express/Placeorder.php
@@ -31,7 +31,10 @@ class Placeorder
* 用户的支付方式.
*/
public $_payment_method;
-
+ /**
+ * 订单备注信息.
+ */
+ public $_order_remark;
public function getLastData()
{
$post = Yii::$app->request->post();
@@ -59,7 +62,7 @@ class Placeorder
// 将购物车数据,生成订单,生成订单后,不清空购物车,不扣除库存,在支付成功后在清空购物车。
$innerTransaction = Yii::$app->db->beginTransaction();
try {
- $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false,$token);
+ $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false, $token, $this->_order_remark);
if ($genarateStatus) {
$innerTransaction->commit();
} else {
@@ -223,7 +226,20 @@ class Placeorder
return false;
}
}
-
+ // 订单备注信息不能超过1500字符
+ $orderRemarkStrMaxLen = Yii::$service->order->orderRemarkStrMaxLen;
+ $order_remark = isset($post['order_remark']) ? $post['order_remark'] : '';
+ if ($order_remark && $orderRemarkStrMaxLen) {
+ $order_remark_strlen = strlen($order_remark);
+ if ($order_remark_strlen > $orderRemarkStrMaxLen) {
+ Yii::$service->helper->errors->add('order remark string length can not gt '.$orderRemarkStrMaxLen);
+
+ return false;
+ } else {
+ // 去掉xss攻击字符,关于防止xss攻击的yii文档参看:http://www.yiichina.com/doc/guide/2.0/security-best-practices#fang-zhi-xss-gong-ji
+ $this->_order_remark = $order_remark;
+ }
+ }
$this->_shipping_method = $shipping_method;
$this->_payment_method = $payment_method;
Yii::$service->payment->setPaymentMethod($this->_payment_method);
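Review bot: The byte-wise `strlen($order_remark)` does not match the "1500 characters" intent stated in the comment, so multi-byte remarks hit the limit at roughly a third of the advertised length; `mb_strlen($order_remark, 'UTF-8')` counts what the comment promises. Because the whole check is wrapped in `if ($order_remark && $orderRemarkStrMaxLen)`, an empty or zero `orderRemarkStrMaxLen` configuration removes the cap on this untrusted field altogether, so a hard fallback (`?: 1500`) is worth adding. The comment claiming XSS characters are stripped is not backed by any call on the `$this->_order_remark = $order_remark;` line; either apply `\yii\helpers\HtmlPurifier::process()` here or reword the comment to state that escaping happens at render time, and verify that it does. The enclosing method starts before this hunk.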
diff --git a/app/apphtml5/theme/base/html5/checkout/onepage/index/review_order.php b/app/apphtml5/theme/base/html5/checkout/onepage/index/review_order.php
index 5167893d..6d568595 100644
--- a/app/apphtml5/theme/base/html5/checkout/onepage/index/review_order.php
+++ b/app/apphtml5/theme/base/html5/checkout/onepage/index/review_order.php
@@ -60,25 +60,25 @@ use fecshop\app\apphtml5\helper\Format;
- = Yii::$service->page->translate->__('Subtotal') ?> |
+ = Yii::$service->page->translate->__('Subtotal') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['product_total']); ?>
|
- = Yii::$service->page->translate->__('Shipping Cost') ?> |
+ = Yii::$service->page->translate->__('Shipping Cost') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['shipping_cost']); ?>
|
- = Yii::$service->page->translate->__('Discount') ?> |
+ = Yii::$service->page->translate->__('Discount') ?> |
-= $currency_info['symbol']; ?>= Format::price($cart_info['coupon_cost']); ?>
|
- = Yii::$service->page->translate->__('Grand Total') ?> |
+ = Yii::$service->page->translate->__('Grand Total') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['grand_total']) ?>
|
diff --git a/app/apphtml5/theme/base/html5/payment/paypal/express/review.php b/app/apphtml5/theme/base/html5/payment/paypal/express/review.php
index a25f7b22..362058d1 100644
--- a/app/apphtml5/theme/base/html5/payment/paypal/express/review.php
+++ b/app/apphtml5/theme/base/html5/payment/paypal/express/review.php
@@ -65,7 +65,11 @@
-
+
+
= Yii::$service->page->translate->__('Order Remark (optional)');?>
+
+
+
diff --git a/app/apphtml5/theme/base/html5/payment/paypal/express/review/review_order.php b/app/apphtml5/theme/base/html5/payment/paypal/express/review/review_order.php
index 51488ae4..b7d9a290 100644
--- a/app/apphtml5/theme/base/html5/payment/paypal/express/review/review_order.php
+++ b/app/apphtml5/theme/base/html5/payment/paypal/express/review/review_order.php
@@ -61,25 +61,25 @@ use fecshop\app\apphtml5\helper\Format;
- = Yii::$service->page->translate->__('Subtotal') ?> |
+ = Yii::$service->page->translate->__('Subtotal') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['product_total']); ?>
|
- = Yii::$service->page->translate->__('Shipping Cost') ?> |
+ = Yii::$service->page->translate->__('Shipping Cost') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['shipping_cost']); ?>
|
- = Yii::$service->page->translate->__('Discount') ?> |
+ = Yii::$service->page->translate->__('Discount') ?> |
-= $currency_info['symbol']; ?>= Format::price($cart_info['coupon_cost']); ?>
|
- = Yii::$service->page->translate->__('Grand Total') ?> |
+ = Yii::$service->page->translate->__('Grand Total') ?> |
= $currency_info['symbol']; ?>= Format::price($cart_info['grand_total']) ?>
|
diff --git a/app/appserver/modules/Payment/block/paypal/express/Placeorder.php b/app/appserver/modules/Payment/block/paypal/express/Placeorder.php
index 2e7f1397..4a8a2dbc 100644
--- a/app/appserver/modules/Payment/block/paypal/express/Placeorder.php
+++ b/app/appserver/modules/Payment/block/paypal/express/Placeorder.php
@@ -31,7 +31,9 @@ class Placeorder
* 用户的支付方式.
*/
public $_payment_method;
-
+
+ public $_order_remark;
+
public function getLastData()
{
$post = Yii::$app->request->post();
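Review bot: `public $_order_remark;` is the only one of the three added properties without a doc block, and it starts as null while the `generateOrderByCart` call added in the next hunk passes it unconditionally. Add `/** Customer-entered order remark (optional free text); empty string when none was submitted. */` above it, and initialise it with `= '';` if the order service expects a string (its signature is not visible here).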
@@ -66,7 +68,7 @@ class Placeorder
// 将购物车数据,生成订单,生成订单后,不清空购物车,不扣除库存,在支付成功后在清空购物车。
$innerTransaction = Yii::$app->db->beginTransaction();
try {
- $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false,$token);
+ $genarateStatus = Yii::$service->order->generateOrderByCart($this->_billing, $this->_shipping_method, $this->_payment_method, false, $token, $this->_order_remark);
if ($genarateStatus) {
$innerTransaction->commit();
} else {
@@ -266,7 +268,20 @@ class Placeorder
}
}
-
+ // 订单备注信息不能超过1500字符
+ $orderRemarkStrMaxLen = Yii::$service->order->orderRemarkStrMaxLen;
+ $order_remark = isset($post['order_remark']) ? $post['order_remark'] : '';
+ if ($order_remark && $orderRemarkStrMaxLen) {
+ $order_remark_strlen = strlen($order_remark);
+ if ($order_remark_strlen > $orderRemarkStrMaxLen) {
+ Yii::$service->helper->errors->add('order remark string length can not gt '.$orderRemarkStrMaxLen);
+
+ return false;
+ } else {
+ // 去掉xss攻击字符,关于防止xss攻击的yii文档参看:http://www.yiichina.com/doc/guide/2.0/security-best-practices#fang-zhi-xss-gong-ji
+ $this->_order_remark = $order_remark;
+ }
+ }
$this->_shipping_method = $shipping_method;
$this->_payment_method = $payment_method;
Yii::$service->payment->setPaymentMethod($this->_payment_method);
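Review bot: This is the API-facing copy of the remark check, and it has the same gaps as the front-end ones: `strlen` measures bytes rather than the characters the comment and error message refer to, so `mb_strlen($order_remark, 'UTF-8')` is the intended measure. The guard `if ($order_remark && $orderRemarkStrMaxLen)` silently skips the limit when `orderRemarkStrMaxLen` is empty, which for a JSON client means an arbitrarily large remark is accepted into the order; a constant fallback such as `?: 1500` closes that. The "strip XSS characters" comment describes sanitisation that the `$this->_order_remark = $order_remark;` line does not perform; make the code match the comment (`\yii\helpers\HtmlPurifier::process($order_remark)`) or make the comment match the code and rely on output encoding, which must then be confirmed in the views that display the remark. The enclosing method starts before this hunk.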
--
GitLab