MAGETWO-94469: Wrong session messages behavior

svitja · svitja · commit 007a7f1c8dbd · 2018-09-10T17:09:40.000+03:00
diff --git a/app/code/Magento/PageCache/Model/System/Config/Backend/Ttl.php b/app/code/Magento/PageCache/Model/System/Config/Backend/Ttl.php
@@ -6,15 +6,49 @@
 
 namespace Magento\PageCache\Model\System\Config\Backend;
 
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\Exception\LocalizedException;
+
 /**
- * Backend model for processing Public content cache lifetime settings
+ * Backend model for processing Public content cache lifetime settings.
  *
  * Class Ttl
  */
 class Ttl extends \Magento\Framework\App\Config\Value
 {
     /**
-     * Throw exception if Ttl data is invalid or empty
+     * @var Escaper
+     */
+    private $escaper;
+
+    /**
+     * @param \Magento\Framework\Model\Context $context
+     * @param \Magento\Framework\Registry $registry
+     * @param ScopeConfigInterface $config
+     * @param \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList
+     * @param \Magento\Framework\Model\ResourceModel\AbstractResource|null $resource
+     * @param \Magento\Framework\Data\Collection\AbstractDb|null $resourceCollection
+     * @param array $data
+     * @param Escaper|null $escaper
+     */
+    public function __construct(
+        \Magento\Framework\Model\Context $context,
+        \Magento\Framework\Registry $registry,
+        ScopeConfigInterface $config,
+        \Magento\Framework\App\Cache\TypeListInterface $cacheTypeList,
+        \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
+        \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
+        array $data = [],
+        Escaper $escaper = null
+    ) {
+        parent::__construct($context, $registry, $config, $cacheTypeList, $resource, $resourceCollection, $data);
+        $this->escaper = $escaper ?: ObjectManager::getInstance()->create(Escaper::class);
+    }
+
+    /**
+     * Throw exception if Ttl data is invalid or empty.
      *
      * @return $this
      * @throws \Magento\Framework\Exception\LocalizedException
@@ -23,10 +57,14 @@ public function beforeSave()
     {
         $value = $this->getValue();
         if ($value < 0 || !preg_match('/^[0-9]+$/', $value)) {
-            throw new \Magento\Framework\Exception\LocalizedException(
-                __('Ttl value "%1" is not valid. Please use only numbers equal or greater than zero.', $value)
+            throw new LocalizedException(
+                __(
+                    'Ttl value "%1" is not valid. Please use only numbers equal or greater than zero.',
+                    $this->escaper->escapeHtml($value)
+                )
             );
         }
+
         return $this;
     }
 }
diff --git a/app/code/Magento/PageCache/Test/Unit/Model/System/Config/Backend/TtlTest.php b/app/code/Magento/PageCache/Test/Unit/Model/System/Config/Backend/TtlTest.php
@@ -0,0 +1,106 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\PageCache\Test\Unit\Model\System\Config\Backend;
+
+use Magento\PageCache\Model\System\Config\Backend\Ttl;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
+use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\Escaper;
+use Magento\Framework\Exception\LocalizedException;
+
+class TtlTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var Ttl
+     */
+    private $ttl;
+
+    /*
+     * @var \Magento\Framework\Escaper|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $escaperMock;
+
+    /**
+     * @inheritDoc
+     */
+    protected function setUp()
+    {
+        $objectManager = new ObjectManager($this);
+        $configMock = $this->getMockForAbstractClass(ScopeConfigInterface::class);
+        $configMock->expects($this->any())
+            ->method('getValue')
+            ->with('system/full_page_cache/default')
+            ->willReturn(['ttl' => 86400]);
+
+        $this->escaperMock = $this->getMockBuilder(Escaper::class)->disableOriginalConstructor()->getMock();
+
+        $this->ttl = $objectManager->getObject(
+            Ttl::class,
+            [
+                'config' => $configMock,
+                'data' => ['field' => 'ttl'],
+                'escaper' => $this->escaperMock,
+            ]
+        );
+    }
+
+    /**
+     * @return array
+     */
+    public function getValidValues()
+    {
+        return [
+            ['3600', '3600'],
+            ['10000', '10000'],
+            ['100000', '100000'],
+            ['1000000', '1000000'],
+        ];
+    }
+
+    /**
+     * @param string $value
+     * @param string $expectedValue
+     * @return void
+     * @dataProvider getValidValues
+     */
+    public function testBeforeSave($value, $expectedValue)
+    {
+        $this->ttl->setValue($value);
+        $this->ttl->beforeSave();
+        $this->assertEquals($expectedValue, $this->ttl->getValue());
+    }
+
+    /**
+     * @return array
+     */
+    public function getInvalidValues()
+    {
+        return [
+            ['<script>alert(1)</script>'],
+            ['apple'],
+            ['123 street'],
+            ['-123'],
+        ];
+    }
+
+    /**
+     * @param string $value
+     * @return void
+     * @dataProvider getInvalidValues
+     */
+    public function testBeforeSaveInvalid($value)
+    {
+        $this->ttl->setValue($value);
+        $this->escaperMock->expects($this->any())->method('escapeHtml')->with($value)->willReturn($value);
+        $expMessage = sprintf(
+            'Ttl value "%s" is not valid. Please use only numbers equal or greater than zero.',
+            $value
+        );
+        $this->setExpectedException(LocalizedException::class, $expMessage);
+        $this->ttl->beforeSave();
+    }
+}
