Merge remote-tracking branch 'remotes/mainline/1.0-develop' into MC-15970

Author: danmooney2

app/code/Magento/PageBuilder/Controller/ContentType/Preview.php

@@ -26,19 +26,28 @@ class Preview extends \Magento\Framework\App\Action\Action implements HttpPostAc
      */
     private $rendererPool;
 
+    /**
+     * @var \Magento\Backend\Model\Auth
+     */
+    private $auth;
+
     /**
      * Constructor
      *
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\PageBuilder\Model\Stage\RendererPool $rendererPool
+     * @param \Magento\Backend\Model\Auth $auth
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\PageBuilder\Model\Stage\RendererPool $rendererPool
+        \Magento\PageBuilder\Model\Stage\RendererPool $rendererPool,
+        \Magento\Backend\Model\Auth $auth = null
     ) {
         parent::__construct($context);
 
         $this->rendererPool = $rendererPool;
+        $this->auth = $auth ?? \Magento\Framework\App\ObjectManager::getInstance()
+            ->get(\Magento\Backend\Model\Auth::class);
     }
 
     /**
@@ -48,14 +57,18 @@ public function __construct(
      */
     public function execute()
     {
-        $pageResult = $this->resultFactory->create(ResultFactory::TYPE_PAGE);
-        // Some template filters and directive processors expect this to be called in order to function.
-        $pageResult->initLayout();
+        if ($this->auth->isLoggedIn()) {
+            $pageResult = $this->resultFactory->create(ResultFactory::TYPE_PAGE);
+            // Some template filters and directive processors expect this to be called in order to function.
+            $pageResult->initLayout();
+
+            $params = $this->getRequest()->getParams();
+            $renderer = $this->rendererPool->getRenderer($params['role']);
+            $result = ['data' => $renderer->render($params)];
 
-        $params = $this->getRequest()->getParams();
-        $renderer = $this->rendererPool->getRenderer($params['role']);
-        $result = ['data' => $renderer->render($params)];
+            return $this->resultFactory->create(ResultFactory::TYPE_JSON)->setData($result);
+        }
 
-        return $this->resultFactory->create(ResultFactory::TYPE_JSON)->setData($result);
+        $this->_forward('noroute');
     }
 }

app/code/Magento/PageBuilder/Model/Stage/Config.php

@@ -135,7 +135,9 @@ public function getConfig()
             'content_types' => $this->getContentTypes(),
             'stage_config' => $this->data,
             'media_url' => $this->urlBuilder->getBaseUrl(['_type' => UrlInterface::URL_TYPE_MEDIA]),
-            'preview_url' => $this->frontendUrlBuilder->getUrl('pagebuilder/contenttype/preview'),
+            'preview_url' => $this->frontendUrlBuilder
+                ->addSessionParam()
+                ->getUrl('pagebuilder/contenttype/preview'),
             'column_grid_default' => $this->scopeConfig->getValue(self::XML_PATH_COLUMN_GRID_DEFAULT),
             'column_grid_max' => $this->scopeConfig->getValue(self::XML_PATH_COLUMN_GRID_MAX),
             'can_use_inline_editing_on_stage' => $this->isWysiwygProvisionedForEditingOnStage(),

app/code/Magento/PageBuilder/Plugin/Filter/CustomVarTemplate.php

@@ -0,0 +1,53 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\PageBuilder\Plugin\Filter;
+
+use Magento\Store\Model\Store;
+use Magento\Framework\Escaper;
+
+/**
+ * Plugin to the template filter to escape custom variable directives
+ */
+class CustomVarTemplate
+{
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param Escaper $escaper
+     */
+    public function __construct(
+        Escaper $escaper
+    ) {
+        $this->escaper = $escaper;
+    }
+
+    /**
+     * Determine if custom variable within a Page Builder CMS Block directive's return value needs to be escaped
+     *
+     * @param \Magento\Email\Model\Template\Filter $subject
+     * @param string $result
+     * @return string
+     */
+    public function afterCustomvarDirective(
+        \Magento\Email\Model\Template\Filter $subject,
+        $result
+    ) {
+        // Determine the need to escape the return value of observed method.
+        // Admin context requires store ID of 0; in that context return value should be escaped
+        $shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === Store::DEFAULT_STORE_ID;
+
+        if ($shouldEscape) {
+            return $this->escaper->escapeHtml($result);
+        } else {
+            return $result;
+        }
+    }
+}

app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php

@@ -7,8 +7,6 @@
 
 namespace Magento\PageBuilder\Plugin\Filter;
 
-use Magento\Store\Model\Store;
-
 /**
  * Plugin to the template filter to process any background images added by Page Builder
  */
@@ -38,19 +36,27 @@ class TemplatePlugin
      */
     private $mathRandom;
 
+    /**
+     * @var \Magento\Framework\Serialize\Serializer\Json
+     */
+    private $json;
+
     /**
      * @param \Psr\Log\LoggerInterface $logger
      * @param \Magento\Framework\View\ConfigInterface $viewConfig
      * @param \Magento\Framework\Math\Random $mathRandom
+     * @param \Magento\Framework\Serialize\Serializer\Json $json
      */
     public function __construct(
         \Psr\Log\LoggerInterface $logger,
         \Magento\Framework\View\ConfigInterface $viewConfig,
-        \Magento\Framework\Math\Random $mathRandom
+        \Magento\Framework\Math\Random $mathRandom,
+        \Magento\Framework\Serialize\Serializer\Json $json
     ) {
         $this->logger = $logger;
         $this->viewConfig = $viewConfig;
         $this->mathRandom = $mathRandom;
+        $this->json = $json;
     }
 
     /**
@@ -107,32 +113,6 @@ public function afterFilter(\Magento\Framework\Filter\Template $subject, string
         return $result;
     }
 
-    /**
-     * Determine if custom variable directive's return value needs to be escaped and do so if true
-     *
-     * @param \Magento\Framework\Filter\Template $subject
-     * @param \Closure $proceed
-     * @param string[] $construction
-     * @return string
-     */
-    public function aroundCustomvarDirective(
-        \Magento\Framework\Filter\Template $subject,
-        \Closure $proceed,
-        $construction
-    ) {
-        // Determine the need to escape the return value of observed method.
-        // Admin context requires store ID of 0; in that context return value should be escaped
-        $shouldEscape = $subject->getStoreId() !== null && (int) $subject->getStoreId() === Store::DEFAULT_STORE_ID;
-
-        if (!$shouldEscape) {
-            return $proceed($construction);
-        }
-
-        $result = $proceed($construction);
-
-        return htmlspecialchars($result);
-    }
-
     /**
      * Create a DOM document from a given string
      *
@@ -161,7 +141,7 @@ private function createDomDocument(string $html) : \DOMDocument
         $domDocument = new \DOMDocument('1.0', 'UTF-8');
         set_error_handler(
             function ($errorNumber, $errorString) {
-                throw new \Exception($errorString, $errorNumber);
+                throw new \DOMException($errorString, $errorNumber);
             }
         );
         $string = mb_convert_encoding($html, 'HTML-ENTITIES', 'UTF-8');
@@ -225,6 +205,7 @@ private function generateDecodedHtmlPlaceholderMappingInDocument(\DOMDocument $d
             $preDecodedOuterHtml = $document->saveHTML($htmlContentTypeNode);
 
             // clear empty <div> wrapper around outerHTML to replace with $clonedHtmlContentTypeNode
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $decodedInnerHtml = preg_replace('#^<[^>]*>|</[^>]*>$#', '', html_entity_decode($preDecodedOuterHtml));
 
             // Use $clonedHtmlContentTypeNode's placeholder to inject decoded inner html
@@ -258,7 +239,8 @@ private function generateBackgroundImageStyles(\DOMDocument $document) : void
             $backgroundImages = $node->attributes->getNamedItem('data-background-images');
             if ($backgroundImages->nodeValue !== '') {
                 $elementClass = uniqid('background-image-');
-                $images = json_decode(stripslashes($backgroundImages->nodeValue), true);
+                // phpcs:ignore Magento2.Functions.DiscouragedFunction
+                $images = $this->json->unserialize(stripslashes($backgroundImages->nodeValue));
                 if (count($images) > 0) {
                     $style = $xpath->document->createElement(
                         'style',

app/code/Magento/PageBuilder/Plugin/Framework/Session/SidResolver.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\PageBuilder\Plugin\Framework\Session;
+
+/**
+ * Plugin for SID resolver.
+ */
+class SidResolver
+{
+    /**
+     * @var \Magento\Framework\App\RequestInterface
+     */
+    private $request;
+
+    /**
+     * @param \Magento\Framework\App\RequestInterface $request
+     */
+    public function __construct(
+        \Magento\Framework\App\RequestInterface $request
+    ) {
+        $this->request = $request;
+    }
+
+    /**
+     * Get Sid for pagebuilder preview
+     *
+     * @param \Magento\Framework\Session\SidResolver $subject
+     * @param string|null $result
+     * @param \Magento\Framework\Session\SessionManagerInterface $session
+     *
+     * @return string|null
+     */
+    public function afterGetSid(
+        \Magento\Framework\Session\SidResolver $subject,
+        $result,
+        \Magento\Framework\Session\SessionManagerInterface $session
+    ) {
+        if (strpos($this->request->getPathInfo(), '/pagebuilder/contenttype/preview') === 0) {
+            return $this->request->getQuery(
+                $subject->getSessionIdQueryParam($session)
+            );
+        }
+
+        return $result;
+    }
+}

app/code/Magento/PageBuilder/etc/di.xml

@@ -140,4 +140,7 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Framework\Session\SidResolver">
+        <plugin name="pagebuilder_preview_sid_resolving" type="Magento\PageBuilder\Plugin\Framework\Session\SidResolver" />
+    </type>
 </config>

app/code/Magento/PageBuilder/etc/frontend/di.xml

@@ -12,4 +12,7 @@
     <type name="Magento\Framework\Filter\Template">
         <plugin name="convertBackgroundImages" type="Magento\PageBuilder\Plugin\Filter\TemplatePlugin"/>
     </type>
+    <type name="Magento\Email\Model\Template\Filter">
+        <plugin name="escapeCustomVarDirectives" type="Magento\PageBuilder\Plugin\Filter\CustomVarTemplate"/>
+    </type>
 </config>