From 857ca69a7740fae43a22fca68482501661044435 Mon Sep 17 00:00:00 2001
From: pineray <matsudaterutaka@gmail.com>
Date: Thu, 18 Aug 2022 14:38:46 +0900
Subject: [PATCH 1/2] =?UTF-8?q?=E9=80=A3=E7=B6=9A=E3=81=99=E3=82=8B?=
 =?UTF-8?q?=E3=82=B9=E3=83=A9=E3=83=83=E3=82=B7=E3=83=A5=E3=81=8C=E5=90=AB?=
 =?UTF-8?q?=E3=81=BE=E3=82=8C=E3=82=8B=E5=A0=B4=E5=90=88=E3=81=AF=E3=82=A8?=
 =?UTF-8?q?=E3=83=A9=E3=83=BC=E3=81=A8=E3=81=AA=E3=82=8B=E3=82=88=E3=81=86?=
 =?UTF-8?q?=E3=81=AB=E5=A4=89=E6=9B=B4?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/Eccube/Form/Type/Admin/BlockType.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Eccube/Form/Type/Admin/BlockType.php b/src/Eccube/Form/Type/Admin/BlockType.php
index 1b6a8e139dd..8885d1998f7 100644
--- a/src/Eccube/Form/Type/Admin/BlockType.php
+++ b/src/Eccube/Form/Type/Admin/BlockType.php
@@ -77,6 +77,9 @@ public function buildForm(FormBuilderInterface $builder, array $options)
                     new Assert\Regex([
                         'pattern' => '/^[0-9a-zA-Z\/_]+$/',
                     ]),
+                    new Assert\Regex([
+                        'pattern' => '/^(?!.*\/\/).+$/',
+                    ]),
                 ],
             ])
             ->add('block_html', TextareaType::class, [

From 16133347af10109ffeab32c2d50fe80a2faf5219 Mon Sep 17 00:00:00 2001
From: pineray <matsudaterutaka@gmail.com>
Date: Wed, 24 Aug 2022 09:54:35 +0900
Subject: [PATCH 2/2] =?UTF-8?q?=E3=83=A6=E3=83=8B=E3=83=83=E3=83=88?=
 =?UTF-8?q?=E3=83=86=E3=82=B9=E3=83=88=E3=82=92=E8=BF=BD=E5=8A=A0?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../Tests/Form/Type/Admin/BlockTypeTest.php   | 113 ++++++++++++++++++
 1 file changed, 113 insertions(+)
 create mode 100644 tests/Eccube/Tests/Form/Type/Admin/BlockTypeTest.php

diff --git a/tests/Eccube/Tests/Form/Type/Admin/BlockTypeTest.php b/tests/Eccube/Tests/Form/Type/Admin/BlockTypeTest.php
new file mode 100644
index 00000000000..e3c7531b84a
--- /dev/null
+++ b/tests/Eccube/Tests/Form/Type/Admin/BlockTypeTest.php
@@ -0,0 +1,113 @@
+<?php
+
+namespace Eccube\Tests\Form\Type\Admin;
+
+use Eccube\Entity\Master\DeviceType;
+use Eccube\Form\Type\Admin\BlockType;
+use Symfony\Component\HttpFoundation\Request;
+
+class BlockTypeTest extends \Eccube\Tests\Form\Type\AbstractTypeTestCase
+{
+    /** @var \Symfony\Component\Form\FormInterface */
+    protected $form;
+
+    /** @var array デフォルト値（正常系）を設定 */
+    protected $formData = [
+        'name' => 'new/Block_1',
+        'file_name' => 'file_name',
+        'block_html' => '<p>test</p>',
+        'DeviceType' => DeviceType::DEVICE_TYPE_MB,
+        'id' => 1,
+    ];
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        // CSRF tokenを無効にしてFormを作成
+        // ブロック登録・編集
+        $this->form = $this->formFactory
+            ->createBuilder(BlockType::class, null, [
+                'csrf_protection' => false,
+            ])
+            ->getForm();
+        self::$container->get('request_stack')->push(new Request());
+    }
+
+    public function testValidData()
+    {
+        $this->form->submit($this->formData);
+        $this->assertTrue($this->form->isValid());
+    }
+
+    public function testInvalidNameBlank()
+    {
+        $this->formData['name'] = '';
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['name']->isValid());
+    }
+
+    public function testInvalidNameMaxLengthInvalid()
+    {
+        $str = str_repeat('S', $this->eccubeConfig['eccube_stext_len']).'S';
+        $this->formData['name'] = $str;
+
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['name']->isValid());
+    }
+
+    public function testInvalidNameMaxLengthValid()
+    {
+        $str = str_repeat('S', $this->eccubeConfig['eccube_stext_len']);
+        $this->formData['name'] = $str;
+
+        $this->form->submit($this->formData);
+        $this->assertTrue($this->form['name']->isValid());
+    }
+
+    public function testInvalidFileNameBlank()
+    {
+        $this->formData['file_name'] = '';
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['file_name']->isValid());
+    }
+
+    public function testInvalidFileNameMaxLengthInvalid()
+    {
+        $str = str_repeat('S', $this->eccubeConfig['eccube_stext_len']).'S';
+        $this->formData['file_name'] = $str;
+
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['file_name']->isValid());
+    }
+
+    public function testInvalidFileNameMaxLengthValid()
+    {
+        $str = str_repeat('S', $this->eccubeConfig['eccube_stext_len']);
+        $this->formData['file_name'] = $str;
+
+        $this->form->submit($this->formData);
+        $this->assertTrue($this->form['file_name']->isValid());
+    }
+
+    public function testInvalidFileNameCharacter()
+    {
+        $this->formData['file_name'] = 'new/Block_1.*{;';
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['file_name']->isValid());
+    }
+
+    public function testInvalidFileNameContinuousSlashes()
+    {
+        $this->formData['file_name'] = 'new//Block_1';
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['file_name']->isValid());
+    }
+
+    public function testInvalidBlockHtmlBlank()
+    {
+        $this->formData['block_html'] = '';
+        $this->form->submit($this->formData);
+        $this->assertFalse($this->form['block_html']->isValid());
+    }
+}