MC-15311: [Sec] PageBuilder XSS Injection Possible Through Block on HTML Code Content Type For CSS Classes Attribute & in TinyMCE

danmooney2 · danmooney2 · commit c85d3d102317 · 2019-03-08T12:13:26.000-06:00
Fix static issues
diff --git a/app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php b/app/code/Magento/PageBuilder/Plugin/Filter/TemplatePlugin.php
@@ -112,7 +112,7 @@ public function afterFilter(\Magento\Framework\Filter\Template $subject, string
      *
      * @param \Magento\Framework\Filter\Template $subject
      * @param \Closure $proceed
-     * @param $construction
+     * @param string[] $construction
      * @return string
      */
     public function aroundCustomvarDirective(
diff --git a/dev/tests/integration/testsuite/Magento/PageBuilder/_files/custom_variable_xss.php b/dev/tests/integration/testsuite/Magento/PageBuilder/_files/custom_variable_xss.php
@@ -1,4 +1,8 @@
 <?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
 
 $this->objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
 

Original file line number	Diff line number	Diff line change
`@@ -112,7 +112,7 @@ public function afterFilter(\Magento\Framework\Filter\Template $subject, string`
`112`	`112`	`*`
`113`	`113`	`* @param \Magento\Framework\Filter\Template $subject`
`114`	`114`	`* @param \Closure $proceed`
`115`		`- * @param $construction`
	`115`	`+ * @param string[] $construction`
`116`	`116`	`* @return string`
`117`	`117`	`*/`
`118`	`118`	`public function aroundCustomvarDirective(`