Authored by 陈峰

Merge branch 'gray' into 'master'

Gray



See merge request !1466
@@ -5,6 +5,7 @@ const semver = require('semver'); @@ -5,6 +5,7 @@ const semver = require('semver');
5 const questionModel = require('../models/question'); 5 const questionModel = require('../models/question');
6 const headerModel = require('../../../doraemon/models/header'); // 头部model 6 const headerModel = require('../../../doraemon/models/header'); // 头部model
7 const geetest = require('../../passport/controllers/geetest'); 7 const geetest = require('../../passport/controllers/geetest');
  8 +const cleanHtml = require('../../../utils/cleanHtml');
8 9
9 exports.list = (req, res, next) => { 10 exports.list = (req, res, next) => {
10 let canShare = false; 11 let canShare = false;
@@ -92,6 +93,15 @@ exports.submit = (req, res, next) => { @@ -92,6 +93,15 @@ exports.submit = (req, res, next) => {
92 params.sourceType = 'PC'; 93 params.sourceType = 'PC';
93 } 94 }
94 95
  96 + let frontAnswers = JSON.parse(params.frontAnswers || '[]') || [];
  97 +
  98 + _.each(frontAnswers, item => {
  99 + if (item.addon) {
  100 + item.addon = cleanHtml.htmlEncode(item.addon);
  101 + }
  102 + });
  103 +
  104 + params.frontAnswers = JSON.stringify(frontAnswers);
95 req.ctx(questionModel).submitQuestion(params).then(result => { 105 req.ctx(questionModel).submitQuestion(params).then(result => {
96 res.send(result); 106 res.send(result);
97 }).catch(next); 107 }).catch(next);
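Review bot: `JSON.parse(params.frontAnswers || '[]')` at new line 96 throws on malformed client input and nothing constrains the result to an array, so a bad payload either escapes the handler as a synchronous SyntaxError (Express forwards it to the error handler as a 500) or reaches `_.each`/`JSON.stringify` as a number, string or object; an array element that is `null` also makes `item.addon` throw. Only `addon` is encoded, so any other free-text field inside an item passes through unchanged, and `cleanHtml.htmlEncode` is called on whatever type `addon` has — I cannot tell from here whether it tolerates non-strings. `_` is not declared in the hunk and is presumably required above; `submit` continues outside the hunk.
```javascript
    // … unchanged: params.sourceType handling …
    let frontAnswers = [];

    try {
        frontAnswers = JSON.parse(params.frontAnswers || '[]');
    } catch (e) {
        return next(e); // malformed client JSON: hand it to the error handler instead of throwing mid-handler
    }

    if (!Array.isArray(frontAnswers)) {
        frontAnswers = [];
    }

    _.each(frontAnswers, item => {
        if (item && item.addon) {
            item.addon = cleanHtml.htmlEncode(item.addon);
        }
    });
    // … unchanged: params.frontAnswers = JSON.stringify(frontAnswers); submitQuestion call …
```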
@@ -70,7 +70,7 @@ router.post('/index/new/decrbundle', indexController.decrBundle); // 购物车 @@ -70,7 +70,7 @@ router.post('/index/new/decrbundle', indexController.decrBundle); // 购物车
70 router.get('/index/buynow/orderensure', authMW, disableBFCache, BuyNowController.orderEnsure); // 立即购买订单确认页面 70 router.get('/index/buynow/orderensure', authMW, disableBFCache, BuyNowController.orderEnsure); // 立即购买订单确认页面
71 router.post('/index/buynow/ordercompute', authMW, BuyNowController.orderCompute); // 立即购买订单重新计算 71 router.post('/index/buynow/ordercompute', authMW, BuyNowController.orderCompute); // 立即购买订单重新计算
72 router.post('/index/buynow/ordersub', authMW, BuyNowController.orderSub); // 立即购买订单提交 72 router.post('/index/buynow/ordersub', authMW, BuyNowController.orderSub); // 立即购买订单提交
73 -router.get('/index/buynow/selectAddress', authMW, BuyNowController.selectAddress); // 选择地址 73 +router.get('/index/buynow/selectAddress', authMW, csrf, BuyNowController.selectAddress); // 选择地址
74 router.get('/index/buynow/selectInvoice', authMW, BuyNowController.selectInvoice); // 发票信息 74 router.get('/index/buynow/selectInvoice', authMW, BuyNowController.selectInvoice); // 发票信息
75 router.get('/index/buynow/selectCoupon', authMW, BuyNowController.selectCoupon); // 选择优惠券页面 75 router.get('/index/buynow/selectCoupon', authMW, BuyNowController.selectCoupon); // 选择优惠券页面
76 router.post('/index/buynow/useCouponCode', BuyNowController.useCouponCode); // [ajax]输入优惠券码使用优惠券 76 router.post('/index/buynow/useCouponCode', BuyNowController.useCouponCode); // [ajax]输入优惠券码使用优惠券
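Review bot: `csrf` is added only to the GET that renders the address page (new line 73), so a token is minted there but nothing in this hunk verifies one; the POST endpoints the page submits to (`/home/delAddress` and `/home/saveAddress`, per the client changes in this MR) live in a router not shown, so confirm they run the verifying middleware, otherwise the hidden `_csrf` field is decorative. `csrf` itself is not declared in the hunk and is presumably required at the top of the file.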
1 <div class="my-address-page select-address-page yoho-page"> 1 <div class="my-address-page select-address-page yoho-page">
2 <div class="page-wrap clearfix"> 2 <div class="page-wrap clearfix">
3 {{# address}} 3 {{# address}}
  4 + <input type="hidden" name="_csrf" value="{{@root.csrfToken}}"/>
4 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}"> 5 <div class="address-item" data-address-id="{{address_id}}" data-is-support="{{is_support}}" data-href="{{../moreUrl}}">
5 <span class="name">{{{consignee}}}</span> 6 <span class="name">{{{consignee}}}</span>
6 <span class="tel">{{mobile}}</span> 7 <span class="tel">{{mobile}}</span>
7 - <p class="address-info">{{area}} {{{address}}}</p> 8 + <p class="address-info" data-address="{{area}} {{address}}">{{area}} {{{address}}}</p>
8 <div class="action iconfont"> 9 <div class="action iconfont">
9 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span> 10 <span class="edit" data-href="/home/addressAct?id={{address_id}}&refer=buynow&product_sku={{../product_sku}}&buy_number={{../buy_number}}">&#xe61e;</span>
10 <span class="del" data-id="{{address_id}}">&#xe621;</span> 11 <span class="del" data-id="{{address_id}}">&#xe621;</span>
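Review bot: The hidden `_csrf` input at new line 4 sits inside the `{{# address}}` block, so it is emitted once per address instead of once per page; move it above `{{# address}}` (where plain `{{csrfToken}}` resolves without `@root`) or after the closing `{{/address}}`. Note also that `data-address` uses the escaping `{{address}}` while the visible text keeps the unescaped `{{{address}}}` and `{{{consignee}}}`; the triple-stash output is only safe if these fields are stored already encoded, which this MR implies for addresses (the client later decodes them) but does not show.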
@@ -178,7 +178,7 @@ router.post('/return/refund/cancel-apply', auth, refund.cancelApply); // 退货 @@ -178,7 +178,7 @@ router.post('/return/refund/cancel-apply', auth, refund.cancelApply); // 退货
178 router.get('/return/refund/getCompanyList', auth, refund.getCompanyList); // 获取快递公司 178 router.get('/return/refund/getCompanyList', auth, refund.getCompanyList); // 获取快递公司
179 179
180 // 换货申请 180 // 换货申请
181 -router.get('/return/exchange', auth, exchange.exchange); // 换货申请 181 +router.get('/return/exchange', auth, csrf, exchange.exchange); // 换货申请
182 router.get('/return/exchange/order', auth, exchange.order); // AJAX 获取订单 商品 182 router.get('/return/exchange/order', auth, exchange.order); // AJAX 获取订单 商品
183 router.get('/return/exchange/delivery', auth, exchange.delivery); // AJAX 获取 退货方式 183 router.get('/return/exchange/delivery', auth, exchange.delivery); // AJAX 获取 退货方式
184 router.post('/return/exchange/submit', auth, exchange.submit); // AJAX 提交换货 申请 184 router.post('/return/exchange/submit', auth, exchange.submit); // AJAX 提交换货 申请
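Review bot: `csrf` is added to the GET at new line 181, but `router.post('/return/exchange/submit', auth, exchange.submit)` at line 184 in the same hunk still runs without it, so the token rendered into the exchange page is never checked on the request it is meant to protect — unless verification is applied globally elsewhere, which this diff does not show. If the middleware verifies on POST, the line should read `router.post('/return/exchange/submit', auth, csrf, exchange.submit);`, and the exchange component's submit payload would then need to carry the `_csrf` value from the hidden input this MR adds to the template.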
1 {{! HOME-换货}} 1 {{! HOME-换货}}
2 <div class="return-exchange-page yoho-page"> 2 <div class="return-exchange-page yoho-page">
3 <div id="exchange"> 3 <div id="exchange">
  4 + <input type="hidden" value="{{csrfToken}}" name="_csrf">
4 <exchange></exchange> 5 <exchange></exchange>
5 </div> 6 </div>
6 </div> 7 </div>
1 { 1 {
2 "name": "yohobuywap-node", 2 "name": "yohobuywap-node",
3 - "version": "6.6.17", 3 + "version": "6.6.18",
4 "private": true, 4 "private": true,
5 "description": "A New Yohobuy Project With Express", 5 "description": "A New Yohobuy Project With Express",
6 "repository": { 6 "repository": {
@@ -110,11 +110,24 @@ let question = { @@ -110,11 +110,24 @@ let question = {
110 } 110 }
111 $wrap.slideDown(); 111 $wrap.slideDown();
112 }, 112 },
  113 + _validationPartten: function(val) {
  114 + let validationPartten = /['"<>&\|]|--/g,
  115 + matchChars,
  116 + errText;
  117 +
  118 + if (validationPartten.test(val)) {
  119 + matchChars = val.match(validationPartten).join(' ');
  120 + errText = '不可以输入 ' + matchChars + ' 哦!';
  121 + }
  122 +
  123 + return errText;
  124 + },
113 packAnswersInfo: function() { 125 packAnswersInfo: function() {
114 let that = this; 126 let that = this;
115 let answer = []; 127 let answer = [];
116 let $errDom; 128 let $errDom;
117 129
  130 +
118 this.$item.each(function() { 131 this.$item.each(function() {
119 let $this = $(this); 132 let $this = $(this);
120 133
@@ -136,13 +149,12 @@ let question = { @@ -136,13 +149,12 @@ let question = {
136 answerIndex: ans.length, 149 answerIndex: ans.length,
137 addon: val 150 addon: val
138 }); 151 });
  152 + errText = that._validationPartten(val);
139 } 153 }
140 154
141 if (val.length > 400) { 155 if (val.length > 400) {
142 errText = '输入内容过长'; 156 errText = '输入内容过长';
143 } 157 }
144 -  
145 -  
146 }); 158 });
147 } else { 159 } else {
148 $this.find('.on').each(function() { 160 $this.find('.on').each(function() {
@@ -155,6 +167,7 @@ let question = { @@ -155,6 +167,7 @@ let question = {
155 167
156 if ($input && $input.length) { 168 if ($input && $input.length) {
157 a.addon = $input.val(); 169 a.addon = $input.val();
  170 + errText = that._validationPartten(a.addon);
158 } 171 }
159 172
160 ans.push(a); 173 ans.push(a);
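Review bot: The new `errText = that._validationPartten(val);` at new lines 152 and 170 assigns unconditionally, and `_validationPartten` returns `undefined` for a clean value, so a later clean answer appears to wipe the error recorded for an earlier one; the enclosing loop in `packAnswersInfo` starts outside the hunk, so how `errText` is finally used is not visible — confirm. Keeping the first error would be `errText = that._validationPartten(val) || errText;` at both sites, or stop iterating at the first invalid item. The name is misspelled (`_validationPattern`), the `\|` escape inside the character class is unnecessary, and since this runs in the browser it is a usability check only — the server-side `cleanHtml.htmlEncode` added in this MR remains the actual control.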
1 let Vue = require('vue'); 1 let Vue = require('vue');
2 2
3 -let app = require('activity/demo/index.vue'); 3 +let app = require('activity/demo/index.vue').default;
4 4
5 new Vue({ 5 new Vue({
6 el: '#app', 6 el: '#app',
@@ -22,7 +22,7 @@ $('.address-item').on('click', function() { @@ -22,7 +22,7 @@ $('.address-item').on('click', function() {
22 address_id: addressId, 22 address_id: addressId,
23 consignee: $this.find('.name').text(), 23 consignee: $this.find('.name').text(),
24 mobile: $this.find('.tel').text(), 24 mobile: $this.find('.tel').text(),
25 - address_info: $this.find('.address-info').text(), 25 + address_info: $this.find('.address-info').data('address'),
26 is_support: $this.data('is-support') 26 is_support: $this.data('is-support')
27 }; 27 };
28 28
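Review bot: `$this.find('.address-info').data('address')` at new line 25 goes through jQuery's `.data()` type conversion, which turns purely numeric, boolean-like or JSON-looking attribute strings into numbers, booleans or objects; an address rarely matches, but since the value is posted back verbatim as `address_info`, read the attribute as-is with `$this.find('.address-info').attr('data-address')`.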
@@ -4,6 +4,7 @@ @@ -4,6 +4,7 @@
4 * @date: 2015/10/21 4 * @date: 2015/10/21
5 */ 5 */
6 let $ = require('yoho-jquery'); 6 let $ = require('yoho-jquery');
  7 +let yohoCookie = require('yoho-cookie');
7 8
8 let $footer = $('#yoho-footer'), 9 let $footer = $('#yoho-footer'),
9 $yohoPage = $('.yoho-page'), 10 $yohoPage = $('.yoho-page'),
@@ -23,18 +24,21 @@ let _ChannelVary = { @@ -23,18 +24,21 @@ let _ChannelVary = {
23 require('./common/share'); 24 require('./common/share');
24 25
25 function cookie(name) { 26 function cookie(name) {
26 - var re = new RegExp(name + '=([^;$]*)', 'i'),  
27 - matchPattern = '$1';  
28 27
29 - if (name === '_UID') {  
30 - return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');  
31 - } 28 + // var re = new RegExp(name + '=([^;$]*)', 'i'),
  29 + // matchPattern = '$1';
32 30
33 - try {  
34 - return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';  
35 - } catch (e) {  
36 - return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');  
37 - } 31 + // if (name === '_UID') {
  32 + // return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');
  33 + // }
  34 +
  35 + // try {
  36 + // return re.test(decodeURIComponent(document.cookie)) ? RegExp[matchPattern] : '';
  37 + // } catch (e) {
  38 + // return decodeURIComponent(re.test(document.cookie) ? RegExp[matchPattern] : '');
  39 + // }
  40 +
  41 + return yohoCookie.get(name);
38 } 42 }
39 43
40 function setCookie(name, value, options) { 44 function setCookie(name, value, options) {
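Review bot: The old body of `cookie()` is left in place as a comment (new lines 28–39); delete it rather than keep it, version control preserves it. The replacement `yohoCookie.get(name)` also drops the old special handling — `_UID` was only `decodeURIComponent`-ed, other names were matched against the decoded cookie string with a fallback when decoding threw — and whether `yoho-cookie` behaves the same for values containing malformed `%`-sequences is not visible here, so callers that relied on the `_UID` path should be checked. `cookie` is fully contained in the hunk.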
@@ -14,8 +14,7 @@ let $province = $('input[name=province]'); @@ -14,8 +14,7 @@ let $province = $('input[name=province]');
14 let $provinceCode = $('input[name=provinceCode]'); 14 let $provinceCode = $('input[name=provinceCode]');
15 let $area = $('#area'); 15 let $area = $('#area');
16 let $usernameInput = $areaForm.find('input[name=username]'); 16 let $usernameInput = $areaForm.find('input[name=username]');
17 -  
18 -let vueAddressAct = require('home/address/address-act.vue'); 17 +let vueAddressAct = require('home/address/address-act.vue').default;
19 18
20 let addressVact = new Vue({ 19 let addressVact = new Vue({
21 el: '#vAddressAct', 20 el: '#vAddressAct',
1 const Vue = require('vue'); 1 const Vue = require('vue');
2 const lazyload = require('vue-lazyload'); 2 const lazyload = require('vue-lazyload');
3 -const exchange = require('home/exchange/exchange.vue'); 3 +const exchange = require('home/exchange/exchange.vue').default;
4 const bus = require('plugin/vue-bus'); 4 const bus = require('plugin/vue-bus');
5 const yohoApp = require('yoho-app'); 5 const yohoApp = require('yoho-app');
6 6
1 const Vue = require('vue'); 1 const Vue = require('vue');
2 -const Logistics = require('home/refund/logistics.vue');  
3 -const LogisticsCompany = require('home/refund/logistics-company.vue'); 2 +const Logistics = require('home/refund/logistics.vue').default;
  3 +const LogisticsCompany = require('home/refund/logistics-company.vue').default;
4 const bus = require('plugin/vue-bus'); 4 const bus = require('plugin/vue-bus');
5 5
6 new Vue({ 6 new Vue({
@@ -6,7 +6,7 @@ @@ -6,7 +6,7 @@
6 'use strict'; 6 'use strict';
7 require('home/_fraud.css'); 7 require('home/_fraud.css');
8 const Vue = require('vue'); 8 const Vue = require('vue');
9 -const refundOrder = require('home/refund/refund-order.vue'); 9 +const refundOrder = require('home/refund/refund-order.vue').default;
10 const infiniteScroll = require('vue-infinite-scroll'); 10 const infiniteScroll = require('vue-infinite-scroll');
11 11
12 Vue.use(infiniteScroll); 12 Vue.use(infiniteScroll);
1 const Vue = require('vue'); 1 const Vue = require('vue');
2 -const Status = require('home/refund/refund-status.vue'); 2 +const Status = require('home/refund/refund-status.vue').default;
3 const yohoApp = require('yoho-app'); 3 const yohoApp = require('yoho-app');
4 4
5 require('plugin/vue-filter')(Vue); 5 require('plugin/vue-filter')(Vue);
1 const Vue = require('vue'); 1 const Vue = require('vue');
2 const lazyload = require('vue-lazyload'); 2 const lazyload = require('vue-lazyload');
3 const bus = require('plugin/vue-bus'); 3 const bus = require('plugin/vue-bus');
4 -const refund = require('home/refund/refund.vue'); 4 +const refund = require('home/refund/refund.vue').default;
5 const vueFilter = require('plugin/vue-filter'); 5 const vueFilter = require('plugin/vue-filter');
6 const yohoApp = require('yoho-app'); 6 const yohoApp = require('yoho-app');
7 7
@@ -53,8 +53,7 @@ @@ -53,8 +53,7 @@
53 const tip = require('plugin/tip'); 53 const tip = require('plugin/tip');
54 const bus = require('plugin/vue-bus'); 54 const bus = require('plugin/vue-bus');
55 const modal = require('plugin/modal2'); 55 const modal = require('plugin/modal2');
56 -  
57 - const addressAct = require('home/address/address-act.vue'); 56 + const addressAct = require('home/address/address-act.vue').default;
58 57
59 module.exports = { 58 module.exports = {
60 props: ['address'], 59 props: ['address'],
@@ -62,7 +61,8 @@ @@ -62,7 +61,8 @@
62 return { 61 return {
63 addressList: [], 62 addressList: [],
64 showEditAddress: false, 63 showEditAddress: false,
65 - editAddressInfo: {} 64 + editAddressInfo: {},
  65 + csrf: $('input[name=_csrf]').val()
66 }; 66 };
67 }, 67 },
68 created() { 68 created() {
@@ -76,11 +76,26 @@ @@ -76,11 +76,26 @@
76 this.reflushAddressList(); 76 this.reflushAddressList();
77 }, 77 },
78 methods: { 78 methods: {
  79 + htmlDecode(str) {
  80 + str = str || '';
  81 + return str
  82 + .replace(str ? /&(?!#?\w+;)/g : /&/g, '&amp;')
  83 + .replace(/&lt;/g, '<')
  84 + .replace(/&gt;/g, '>')
  85 + .replace(/&quot;/g, '"')
  86 + .replace(/&#39;/g, '\'');
  87 + },
79 reflushAddressList() { 88 reflushAddressList() {
80 $.ajax({ 89 $.ajax({
81 url: '/home/address.json' 90 url: '/home/address.json'
82 }).then(res => { 91 }).then(res => {
83 if (res && res.address) { 92 if (res && res.address) {
  93 + res.address.forEach((item) => {
  94 + item.consignee = this.htmlDecode(item.consignee);
  95 + item.address = this.htmlDecode(item.address);
  96 + return item;
  97 + });
  98 +
84 this.addressList = res.address; 99 this.addressList = res.address;
85 } 100 }
86 }); 101 });
@@ -105,7 +120,10 @@ @@ -105,7 +120,10 @@
105 $.ajax({ 120 $.ajax({
106 method: 'POST', 121 method: 'POST',
107 url: '/home/delAddress', 122 url: '/home/delAddress',
108 - data: {id: id} 123 + data: {
  124 + id: id,
  125 + _csrf: this.csrf
  126 + }
109 }).then(result => { 127 }).then(result => {
110 if (result.code === 200) { 128 if (result.code === 200) {
111 let lastIndex; 129 let lastIndex;
@@ -187,6 +205,8 @@ @@ -187,6 +205,8 @@
187 return; 205 return;
188 } 206 }
189 207
  208 + data._csrf = this.csrf;
  209 +
190 $.ajax({ 210 $.ajax({
191 method: 'POST', 211 method: 'POST',
192 url: '/home/saveAddress', 212 url: '/home/saveAddress',
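Review bot: `htmlDecode` (new lines 79–87) is not the inverse of an HTML encode: its first `.replace` turns every bare `&` into `&amp;`, and no step maps `&amp;` back to `&`, so an address containing `&` grows on every decode and a server-encoded `&amp;` never comes back; the `str ? … : /&/g` ternary is dead, because after `str = str || ''` the only falsy value is the empty string, on which both regexes are no-ops. If the intent is to undo a server-side encode of these fields (implied by this MR, not shown for addresses) before Vue re-escapes them, drop the first replace and add `.replace(/&amp;/g, '&')` as the last step — and keep rendering the results through `{{ }}` interpolation, never `v-html`, since the decoded strings are user-controlled again. The same helper is copied verbatim into the exchange component (its new lines 145–153), so one shared util would avoid fixing it twice; the `return item;` inside the `forEach` at new line 96 does nothing.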
@@ -37,9 +37,9 @@ @@ -37,9 +37,9 @@
37 const loading = require('plugin/loading'); 37 const loading = require('plugin/loading');
38 const chosePanel = require('common/chose-panel-new'); 38 const chosePanel = require('common/chose-panel-new');
39 39
40 - const productList = require('home/return/list.vue'); 40 + const productList = require('home/return/list.vue').default;
41 const reasonConfig = require('home/return/reason'); 41 const reasonConfig = require('home/return/reason');
42 - const addressList = require('home/address/list.vue'); 42 + const addressList = require('home/address/list.vue').default;
43 43
44 const specialRid = [0, 4, 6, 8]; 44 const specialRid = [0, 4, 6, 8];
45 45
@@ -19,8 +19,8 @@ @@ -19,8 +19,8 @@
19 * 2. 更换产品 款式 19 * 2. 更换产品 款式
20 * 3. 换货 原因 20 * 3. 换货 原因
21 */ 21 */
22 - const product = require('home/return/item.vue');  
23 - const reason = require('home/return/reason.vue'); 22 + const product = require('home/return/item.vue').default;
  23 + const reason = require('home/return/reason.vue').default;
24 const bus = require('plugin/vue-bus'); 24 const bus = require('plugin/vue-bus');
25 25
26 module.exports = { 26 module.exports = {
@@ -15,7 +15,7 @@ @@ -15,7 +15,7 @@
15 15
16 <script> 16 <script>
17 const $ = require('yoho-jquery'); 17 const $ = require('yoho-jquery');
18 - const indexList = require('components/tools/index-list.vue'); 18 + const indexList = require('components/tools/index-list.vue').default;
19 const bus = require('plugin/vue-bus'); 19 const bus = require('plugin/vue-bus');
20 20
21 module.exports = { 21 module.exports = {
@@ -8,8 +8,8 @@ @@ -8,8 +8,8 @@
8 </template> 8 </template>
9 9
10 <script> 10 <script>
11 - const product = require('home/return/item.vue');  
12 - const reason = require('home/return/reason.vue'); 11 + const product = require('home/return/item.vue').default;
  12 + const reason = require('home/return/reason.vue').default;
13 13
14 module.exports = { 14 module.exports = {
15 props: ['product', 'refundData'], 15 props: ['product', 'refundData'],
@@ -142,6 +142,15 @@ @@ -142,6 +142,15 @@
142 this.reload(); 142 this.reload();
143 }, 143 },
144 methods: { 144 methods: {
  145 + htmlDecode(str) {
  146 + str = str || '';
  147 + return str
  148 + .replace(str ? /&(?!#?\w+;)/g : /&/g, '&amp;')
  149 + .replace(/&lt;/g, '<')
  150 + .replace(/&gt;/g, '>')
  151 + .replace(/&quot;/g, '"')
  152 + .replace(/&#39;/g, '\'');
  153 + },
145 reload() { 154 reload() {
146 this.id = ''; 155 this.id = '';
147 this.sourceOrderCode = ''; 156 this.sourceOrderCode = '';
@@ -162,6 +171,9 @@ @@ -162,6 +171,9 @@
162 return; 171 return;
163 } 172 }
164 173
  174 + this.detail.consignee_name = this.htmlDecode(this.detail.consignee_name);
  175 + this.detail.address = this.htmlDecode(this.detail.address);
  176 +
165 this.id = this.detail.id; 177 this.id = this.detail.id;
166 this.sourceOrderCode = this.detail.source_order_code; 178 this.sourceOrderCode = this.detail.source_order_code;
167 } else if (res.code !== 500) { 179 } else if (res.code !== 500) {
@@ -40,7 +40,7 @@ @@ -40,7 +40,7 @@
40 const qs = require('yoho-qs'); 40 const qs = require('yoho-qs');
41 const modal = require('plugin/modal2'); 41 const modal = require('plugin/modal2');
42 const returnUtil = require('plugin/util'); 42 const returnUtil = require('plugin/util');
43 - const productList = require('home/return/list.vue'); 43 + const productList = require('home/return/list.vue').default;
44 const reasonConfig = require('home/return/reason'); 44 const reasonConfig = require('home/return/reason');
45 const bus = require('plugin/vue-bus'); 45 const bus = require('plugin/vue-bus');
46 const loading = require('plugin/loading'); 46 const loading = require('plugin/loading');
@@ -17,9 +17,9 @@ @@ -17,9 +17,9 @@
17 </template> 17 </template>
18 18
19 <script> 19 <script>
20 - const pruduct = require('home/return/item.vue');  
21 - const exchangeItem = require('home/exchange/item.vue');  
22 - const refundItem = require('home/refund/product.vue'); 20 + const pruduct = require('home/return/item.vue').default;
  21 + const exchangeItem = require('home/exchange/item.vue').default;
  22 + const refundItem = require('home/refund/product.vue').default;
23 23
24 module.exports = { 24 module.exports = {
25 props: ['list', 'data', 'type'], 25 props: ['list', 'data', 'type'],
@@ -55,7 +55,7 @@ @@ -55,7 +55,7 @@
55 </template> 55 </template>
56 56
57 <script> 57 <script>
58 - const upload = require('components/tools/upload.vue'); 58 + const upload = require('components/tools/upload.vue').default;
59 const util = require('plugin/util'); 59 const util = require('plugin/util');
60 const tip = require('plugin/tip'); 60 const tip = require('plugin/tip');
61 const reasonConfig = require('home/return/reason'); 61 const reasonConfig = require('home/return/reason');