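/**
 * Resolve the buyable item addressed by the current request.
 *
 * Reads the 'ID' URL parameter and the optional 'Buyable' URL parameter
 * (a class name, defaulting to "Product"), loads the matching record and
 * hands it to the cart's getCorrectBuyable().
 *
 * Both parameters are attacker-controlled. The class name in particular
 * selects which model the ORM is asked to query, so it is checked against
 * the DataObject hierarchy before any query is built, and the loaded record
 * must be an instance of Buyable before it is used.
 *
 * @return mixed null when the request does not identify a usable buyable;
 *               the result of httpError() when the security token check
 *               fails; otherwise whatever getCorrectBuyable() returns.
 */
protected function buyableFromRequest()
{
    $request = $this->getRequest();

    // CSRF guard. Note that setting the disable_security_token config flag
    // switches this check off for every cart action routed through here.
    if (
        SecurityToken::is_enabled()
        && !self::config()->disable_security_token
        && !SecurityToken::inst()->checkRequest($request)
    ) {
        return $this->httpError(400, _t("ShoppingCart.InvalidSecurityToken", "Invalid security token, possible CSRF attack."));
    }

    // The cast turns any non-numeric value into 0; zero and negative
    // values cannot identify a record, so reject them without a lookup.
    $id = (int) $request->param('ID');
    if ($id < 1) {
        //TODO: store error message
        return null;
    }

    $buyableclass = "Product";
    $class = $request->param('Buyable');
    if ($class) {
        // raw2sql only escapes SQL metacharacters. It does not restrict
        // WHICH class the request may name; the checks below do that.
        $buyableclass = Convert::raw2sql($class);
    }

    // The class name comes straight from the URL. Without the subclass
    // check, any class known to the manifest (a controller, a form, ...)
    // would be passed to DataObject::get() and fail inside the ORM
    // instead of being rejected cleanly here.
    if (!ClassInfo::exists($buyableclass) || !is_subclass_of($buyableclass, 'DataObject')) {
        //TODO: store error message
        return null;
    }

    // Ensure only live products are returned, if they are versioned, so
    // draft or unpublished records cannot be added through a crafted URL.
    if (Object::has_extension($buyableclass, 'Versioned')) {
        $buyable = Versioned::get_by_stage($buyableclass, 'Live')->byID($id);
    } else {
        $buyable = DataObject::get($buyableclass)->byID($id);
    }

    // Final type gate: a record of an unrelated model must never reach
    // the cart, even though its class passed the checks above.
    if (!$buyable || !$buyable instanceof Buyable) {
        //TODO: store error message
        return null;
    }

    return $this->cart->getCorrectBuyable($buyable);
}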