Merge remote-tracking branch 'remotes/mainline/2.3.3-develop' into MC-15972-squashed

Author: danmooney2

app/code/Magento/Email/Block/Adminhtml/Template/Preview.php

@@ -55,19 +55,26 @@ public function __construct(
      * Prepare html output
      *
      * @return string
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     protected function _toHtml()
     {
+        $request = $this->getRequest();
+
+        if (!$request instanceof \Magento\Framework\App\RequestSafetyInterface || !$request->isSafeMethod()) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('Wrong request.'));
+        }
+
         $storeId = $this->getAnyStoreView()->getId();
         /** @var $template \Magento\Email\Model\Template */
         $template = $this->_emailFactory->create();
 
-        if ($id = (int)$this->getRequest()->getParam('id')) {
+        if ($id = (int)$request->getParam('id')) {
             $template->load($id);
         } else {
-            $template->setTemplateType($this->getRequest()->getParam('type'));
-            $template->setTemplateText($this->getRequest()->getParam('text'));
-            $template->setTemplateStyles($this->getRequest()->getParam('styles'));
+            $template->setTemplateType($request->getParam('type'));
+            $template->setTemplateText($request->getParam('text'));
+            $template->setTemplateStyles($request->getParam('styles'));
         }
 
         \Magento\Framework\Profiler::start($this->profilerName);

app/code/Magento/Email/Test/Unit/Block/Adminhtml/Template/PreviewTest.php

@@ -18,105 +18,175 @@ class PreviewTest extends \PHPUnit\Framework\TestCase
 
     const MALICIOUS_TEXT = 'test malicious';
 
+    /**
+     * @var \Magento\Framework\App\Request\Http|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $request;
+
+    /**
+     * @var \Magento\Email\Block\Adminhtml\Template\Preview
+     */
+    protected $preview;
+
+    /**
+     * @var \Magento\Framework\Filter\Input\MaliciousCode|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $maliciousCode;
+
+    /**
+     * @var \Magento\Email\Model\Template|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $template;
+
+    /**
+     * @var \Magento\Store\Model\StoreManagerInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $storeManager;
+
     /**
      * Init data
      */
     protected function setUp()
     {
         $this->objectManagerHelper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
-    }
 
-    /**
-     * Check of processing email templates
-     *
-     * @param array $requestParamMap
-     *
-     * @dataProvider toHtmlDataProvider
-     * @param $requestParamMap
-     */
-    public function testToHtml($requestParamMap)
-    {
         $storeId = 1;
-        $template = $this->getMockBuilder(\Magento\Email\Model\Template::class)
-            ->setMethods([
-                'setDesignConfig',
-                'getDesignConfig',
-                '__wakeup',
-                'getProcessedTemplate',
-                'getAppState',
-                'revertDesign'
-            ])
+        $designConfigData = [];
+
+        $this->template = $this->getMockBuilder(\Magento\Email\Model\Template::class)
+            ->setMethods(
+                [
+                    'setDesignConfig',
+                    'getDesignConfig',
+                    '__wakeup',
+                    'getProcessedTemplate',
+                    'getAppState',
+                    'revertDesign'
+                ]
+            )
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->storeManager = $this->getMockBuilder(\Magento\Store\Model\StoreManagerInterface::class)
             ->disableOriginalConstructor()
             ->getMock();
-        $template->expects($this->once())
+
+        $this->request = $this->createMock(\Magento\Framework\App\Request\Http::class);
+
+        $this->maliciousCode = $this->createPartialMock(
+            \Magento\Framework\Filter\Input\MaliciousCode::class,
+            ['filter']
+        );
+
+        $this->template->expects($this->once())
             ->method('getProcessedTemplate')
             ->with($this->equalTo([]))
             ->willReturn(self::MALICIOUS_TEXT);
-        $designConfigData = [];
-        $template->expects($this->atLeastOnce())
-            ->method('getDesignConfig')
-            ->willReturn(new \Magento\Framework\DataObject(
-                $designConfigData
-            ));
+
+        $this->template->method('getDesignConfig')
+            ->willReturn(new \Magento\Framework\DataObject($designConfigData));
+
         $emailFactory = $this->createPartialMock(\Magento\Email\Model\TemplateFactory::class, ['create']);
         $emailFactory->expects($this->any())
             ->method('create')
-            ->willReturn($template);
+            ->willReturn($this->template);
 
-        $request = $this->createMock(\Magento\Framework\App\RequestInterface::class);
-        $request->expects($this->any())->method('getParam')->willReturnMap($requestParamMap);
         $eventManage = $this->createMock(\Magento\Framework\Event\ManagerInterface::class);
         $scopeConfig = $this->createMock(\Magento\Framework\App\Config\ScopeConfigInterface::class);
         $design = $this->createMock(\Magento\Framework\View\DesignInterface::class);
         $store = $this->createPartialMock(\Magento\Store\Model\Store::class, ['getId', '__wakeup']);
-        $store->expects($this->any())->method('getId')->willReturn($storeId);
-        $storeManager = $this->getMockBuilder(\Magento\Store\Model\StoreManagerInterface::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-        $storeManager->expects($this->atLeastOnce())
-            ->method('getDefaultStoreView')
+
+        $store->expects($this->any())
+            ->method('getId')
+            ->willReturn($storeId);
+
+        $this->storeManager->method('getDefaultStoreView')
             ->willReturn($store);
-        $storeManager->expects($this->any())->method('getDefaultStoreView')->willReturn(null);
-        $storeManager->expects($this->any())->method('getStores')->willReturn([$store]);
+
+        $this->storeManager->expects($this->any())->method('getDefaultStoreView')->willReturn(null);
+        $this->storeManager->expects($this->any())->method('getStores')->willReturn([$store]);
         $appState = $this->getMockBuilder(\Magento\Framework\App\State::class)
-            ->setConstructorArgs([
-                $scopeConfig
-            ])
+            ->setConstructorArgs(
+                [
+                    $scopeConfig
+                ]
+            )
             ->setMethods(['emulateAreaCode'])
             ->disableOriginalConstructor()
             ->getMock();
         $appState->expects($this->any())
             ->method('emulateAreaCode')
-            ->with(\Magento\Email\Model\AbstractTemplate::DEFAULT_DESIGN_AREA, [$template, 'getProcessedTemplate'])
-            ->willReturn($template->getProcessedTemplate());
+            ->with(
+                \Magento\Email\Model\AbstractTemplate::DEFAULT_DESIGN_AREA,
+                [$this->template, 'getProcessedTemplate']
+            )
+            ->willReturn($this->template->getProcessedTemplate());
 
         $context = $this->createPartialMock(
             \Magento\Backend\Block\Template\Context::class,
             ['getRequest', 'getEventManager', 'getScopeConfig', 'getDesignPackage', 'getStoreManager', 'getAppState']
         );
-        $context->expects($this->any())->method('getRequest')->willReturn($request);
+        $context->expects($this->any())->method('getRequest')->willReturn($this->request);
         $context->expects($this->any())->method('getEventManager')->willReturn($eventManage);
         $context->expects($this->any())->method('getScopeConfig')->willReturn($scopeConfig);
         $context->expects($this->any())->method('getDesignPackage')->willReturn($design);
-        $context->expects($this->any())->method('getStoreManager')->willReturn($storeManager);
+        $context->expects($this->any())->method('getStoreManager')->willReturn($this->storeManager);
         $context->expects($this->once())->method('getAppState')->willReturn($appState);
 
-        $maliciousCode = $this->createPartialMock(\Magento\Framework\Filter\Input\MaliciousCode::class, ['filter']);
-        $maliciousCode->expects($this->once())
-            ->method('filter')
-            ->with($this->equalTo($requestParamMap[1][2]))
-            ->willReturn(self::MALICIOUS_TEXT);
-
         /** @var \Magento\Email\Block\Adminhtml\Template\Preview $preview */
-        $preview = $this->objectManagerHelper->getObject(
+        $this->preview = $this->objectManagerHelper->getObject(
             \Magento\Email\Block\Adminhtml\Template\Preview::class,
             [
                 'context' => $context,
-                'maliciousCode' => $maliciousCode,
+                'maliciousCode' => $this->maliciousCode,
                 'emailFactory' => $emailFactory
             ]
         );
-        $this->assertEquals(self::MALICIOUS_TEXT, $preview->toHtml());
+    }
+
+    /**
+     * Check of processing email templates
+     *
+     * @param array $requestParamMap
+     * @dataProvider toHtmlDataProvider
+     */
+    public function testToHtml($requestParamMap)
+    {
+        $this->request->expects($this->atLeastOnce())
+            ->method('isSafeMethod')
+            ->willReturn(true);
+        $this->request->expects($this->any())
+            ->method('getParam')
+            ->willReturnMap($requestParamMap);
+        $this->template
+            ->expects($this->atLeastOnce())
+            ->method('getDesignConfig');
+        $this->storeManager->expects($this->atLeastOnce())
+            ->method('getDefaultStoreView');
+        $this->maliciousCode->expects($this->once())
+            ->method('filter')
+            ->with($this->equalTo($requestParamMap[1][2]))
+            ->willReturn(self::MALICIOUS_TEXT);
+
+        $this->assertEquals(self::MALICIOUS_TEXT, $this->preview->toHtml());
+    }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     */
+    public function testToHtmlWithException()
+    {
+        $this->request->expects($this->atLeastOnce())
+            ->method('isSafeMethod')
+            ->willReturn(false);
+        $this->template
+            ->expects($this->never())
+            ->method('getDesignConfig');
+        $this->expectException(\Magento\Framework\Exception\LocalizedException::class);
+        $this->expectExceptionMessage(
+            (string)__('Wrong request.')
+        );
+        $this->preview->toHtml();
     }
 
     /**

app/code/Magento/ImportExport/Model/Import.php

@@ -568,9 +568,15 @@ public function uploadSource()
         $entity = $this->getEntity();
         /** @var $uploader Uploader */
         $uploader = $this->_uploaderFactory->create(['fileId' => self::FIELD_NAME_SOURCE_FILE]);
+        $uploader->setAllowedExtensions(['csv', 'zip']);
         $uploader->skipDbProcessing(true);
         $fileName = $this->random->getRandomString(32) . '.' . $uploader->getFileExtension();
-        $result = $uploader->save($this->getWorkingDir(), $fileName);
+        try {
+            $result = $uploader->save($this->getWorkingDir(), $fileName);
+        } catch (\Exception $e) {
+            throw new LocalizedException(__('The file cannot be uploaded.'));
+        }
+
         // phpcs:disable Magento2.Functions.DiscouragedFunction.Discouraged
         $extension = pathinfo($result['file'], PATHINFO_EXTENSION);
 

app/code/Magento/Theme/Model/Design/BackendModelFactory.php

@@ -3,6 +3,9 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+declare(strict_types=1);
+
 namespace Magento\Theme\Model\Design;
 
 use Magento\Framework\App\Config\Value;
@@ -11,6 +14,9 @@
 use Magento\Theme\Model\Design\Config\MetadataProvider;
 use Magento\Theme\Model\ResourceModel\Design\Config\CollectionFactory;
 
+/**
+ * Class BackendModelFactory
+ */
 class BackendModelFactory extends ValueFactory
 {
     /**
@@ -58,13 +64,15 @@ public function __construct(
      */
     public function create(array $data = [])
     {
+        $storedData = $this->getStoredData($data['scope'], $data['scopeId'], $data['config']['path']);
+
         $backendModelData = array_replace_recursive(
-            $this->getStoredData($data['scope'], $data['scopeId'], $data['config']['path']),
+            $storedData,
             [
                 'path' => $data['config']['path'],
                 'scope' => $data['scope'],
                 'scope_id' => $data['scopeId'],
-                'field_config' => $data['config'],
+                'field_config' => $data['config']
             ]
         );
 
@@ -76,6 +84,13 @@ public function create(array $data = [])
         $backendModel = $this->getNewBackendModel($backendType, $backendModelData);
         $backendModel->setValue($data['value']);
 
+        if ($storedData) {
+            foreach ($storedData as $key => $value) {
+                $backendModel->setOrigData($key, $value);
+            }
+            $backendModel->setOrigData('field_config', $data['config']);
+        }
+
         return $backendModel;
     }
 
@@ -166,9 +181,12 @@ protected function getMetadata()
     {
         if (!$this->metadata) {
             $this->metadata = $this->metadataProvider->get();
-            array_walk($this->metadata, function (&$value) {
-                $value = $value['path'];
-            });
+            array_walk(
+                $this->metadata,
+                function (&$value) {
+                    $value = $value['path'];
+                }
+            );
         }
         return $this->metadata;
     }

app/code/Magento/Theme/Model/Design/Config/ValueChecker.php

@@ -8,6 +8,9 @@
 use Magento\Framework\App\Config as AppConfig;
 use Magento\Framework\App\ScopeFallbackResolverInterface;
 
+/**
+ * Class ValueChecker
+ */
 class ValueChecker
 {
     /**
@@ -61,7 +64,7 @@ public function isDifferentFromDefault($value, $scope, $scopeId, array $fieldCon
                     $fieldConfig
                 ),
                 $this->valueProcessor->process(
-                    $this->appConfig->getValue($fieldConfig['path'], $scope, $scopeId),
+                    ($this->appConfig->getValue($fieldConfig['path'], $scope, $scopeId) ?? ""),
                     $scope,
                     $scopeId,
                     $fieldConfig
@@ -80,12 +83,11 @@ public function isDifferentFromDefault($value, $scope, $scopeId, array $fieldCon
      */
     protected function isEqual($value, $defaultValue)
     {
-        switch (gettype($value)) {
-            case 'array':
-                return $this->isEqualArrays($value, $defaultValue);
-            default:
-                return $value === $defaultValue;
+        if (is_array($value)) {
+            return $this->isEqualArrays($value, $defaultValue);
         }
+
+        return $value === $defaultValue;
     }
 
     /**

dev/tests/integration/testsuite/Magento/ImportExport/Controller/Adminhtml/Import/ValidateTest.php

@@ -93,7 +93,7 @@ public function validationDataProvider(): array
             [
                 'file_name' => 'test.txt',
                 'mime-type' => 'text/csv',
-                'message' => '\'txt\' file extension is not supported',
+                'message' => 'The file cannot be uploaded.',
                 'delimiter' => ',',
             ],
             [