Merge remote-tracking branch 'arcticfoxes/MC-13954' into 2.3-qwerty-pr

Author: Joan He

app/code/Magento/CatalogImportExport/Model/Import/Uploader.php

@@ -6,13 +6,16 @@
 namespace Magento\CatalogImportExport\Model\Import;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Filesystem\DriverPool;
 
 /**
  * Import entity product model
  *
  * @api
  * @since 100.0.2
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * phpcs:disable Magento2.Functions.DiscouragedFunction
  */
 class Uploader extends \Magento\MediaStorage\Model\File\Uploader
 {
@@ -31,6 +34,13 @@ class Uploader extends \Magento\MediaStorage\Model\File\Uploader
      */
     protected $_tmpDir = '';
 
+    /**
+     * Download directory for url-based resources.
+     *
+     * @var string
+     */
+    private $downloadDir;
+
     /**
      * Destination directory.
      *
@@ -94,6 +104,13 @@ class Uploader extends \Magento\MediaStorage\Model\File\Uploader
      */
     protected $_coreFileStorage;
 
+    /**
+     * Instance of random data generator.
+     *
+     * @var \Magento\Framework\Math\Random
+     */
+    private $random;
+
     /**
      * @param \Magento\MediaStorage\Helper\File\Storage\Database $coreFileStorageDb
      * @param \Magento\MediaStorage\Helper\File\Storage $coreFileStorage
@@ -102,6 +119,8 @@ class Uploader extends \Magento\MediaStorage\Model\File\Uploader
      * @param \Magento\Framework\Filesystem $filesystem
      * @param \Magento\Framework\Filesystem\File\ReadFactory $readFactory
      * @param string|null $filePath
+     * @param \Magento\Framework\Math\Random|null $random
+     * @throws \Magento\Framework\Exception\FileSystemException
      * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function __construct(
@@ -111,7 +130,8 @@ public function __construct(
         \Magento\MediaStorage\Model\File\Validator\NotProtectedExtension $validator,
         \Magento\Framework\Filesystem $filesystem,
         \Magento\Framework\Filesystem\File\ReadFactory $readFactory,
-        $filePath = null
+        $filePath = null,
+        \Magento\Framework\Math\Random $random = null
     ) {
         $this->_imageFactory = $imageFactory;
         $this->_coreFileStorageDb = $coreFileStorageDb;
@@ -122,6 +142,8 @@ public function __construct(
         if ($filePath !== null) {
             $this->_setUploadFile($filePath);
         }
+        $this->random = $random ?: ObjectManager::getInstance()->get(\Magento\Framework\Math\Random::class);
+        $this->downloadDir = DirectoryList::getDefaultConfig()[DirectoryList::TMP][DirectoryList::PATH];
     }
 
     /**
@@ -150,52 +172,61 @@ public function init()
      */
     public function move($fileName, $renameFileOff = false)
     {
-        if ($renameFileOff) {
-            $this->setAllowRenameFiles(false);
-        }
-
-        if ($this->getTmpDir()) {
-            $filePath = $this->getTmpDir() . '/';
-        } else {
-            $filePath = '';
-        }
+        $this->setAllowRenameFiles(!$renameFileOff);
 
         if (preg_match('/\bhttps?:\/\//i', $fileName, $matches)) {
             $url = str_replace($matches[0], '', $fileName);
-            $driver = $matches[0] === $this->httpScheme ? DriverPool::HTTP : DriverPool::HTTPS;
-            $read = $this->_readFactory->create($url, $driver);
-
-            //only use filename (for URI with query parameters)
-            $parsedUrlPath = parse_url($url, PHP_URL_PATH);
-            if ($parsedUrlPath) {
-                $urlPathValues = explode('/', $parsedUrlPath);
-                if (!empty($urlPathValues)) {
-                    $fileName = end($urlPathValues);
-                }
-            }
-
-            $fileExtension = pathinfo($fileName, PATHINFO_EXTENSION);
-            if ($fileExtension && !$this->checkAllowedExtension($fileExtension)) {
-                throw new \Magento\Framework\Exception\LocalizedException(__('Disallowed file type.'));
-            }
-
-            $fileName = preg_replace('/[^a-z0-9\._-]+/i', '', $fileName);
-            $relativePath = $this->_directory->getRelativePath($filePath . $fileName);
-            $this->_directory->writeFile(
-                $relativePath,
-                $read->readAll()
-            );
+            $driver = ($matches[0] === $this->httpScheme) ? DriverPool::HTTP : DriverPool::HTTPS;
+            $tmpFilePath = $this->downloadFileFromUrl($url, $driver);
+        } else {
+            $tmpDir = $this->getTmpDir() ? ($this->getTmpDir() . '/') : '';
+            $tmpFilePath = $this->_directory->getRelativePath($tmpDir . $fileName);
         }
 
-        $filePath = $this->_directory->getRelativePath($filePath . $fileName);
-        $this->_setUploadFile($filePath);
+        $this->_setUploadFile($tmpFilePath);
         $destDir = $this->_directory->getAbsolutePath($this->getDestDir());
         $result = $this->save($destDir);
         unset($result['path']);
         $result['name'] = self::getCorrectFileName($result['name']);
+
         return $result;
     }
 
+    /**
+     * Writes a url-based file to the temp directory.
+     *
+     * @param string $url
+     * @param string $driver
+     * @return string
+     * @throws \Magento\Framework\Exception\LocalizedException
+     */
+    private function downloadFileFromUrl($url, $driver)
+    {
+        $parsedUrlPath = parse_url($url, PHP_URL_PATH);
+        if (!$parsedUrlPath) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('Could not parse resource url.'));
+        }
+        $urlPathValues = explode('/', $parsedUrlPath);
+        $fileName = preg_replace('/[^a-z0-9\._-]+/i', '', end($urlPathValues));
+
+        $fileExtension = pathinfo($fileName, PATHINFO_EXTENSION);
+        if ($fileExtension && !$this->checkAllowedExtension($fileExtension)) {
+            throw new \Magento\Framework\Exception\LocalizedException(__('Disallowed file type.'));
+        }
+
+        $tmpFileName = str_replace(".$fileExtension", '', $fileName);
+        $tmpFileName .= '_' . $this->random->getRandomString(16);
+        $tmpFileName .= $fileExtension ? ".$fileExtension" : '';
+        $tmpFilePath = $this->_directory->getRelativePath($this->downloadDir . '/' . $tmpFileName);
+
+        $this->_directory->writeFile(
+            $tmpFilePath,
+            $this->_readFactory->create($url, $driver)->readAll()
+        );
+
+        return $tmpFilePath;
+    }
+
     /**
      * Prepare information about the file for moving
      *
@@ -238,7 +269,7 @@ protected function _readFileInfo($filePath)
      * Validate uploaded file by type and etc.
      *
      * @return void
-     * @throws \Exception
+     * @throws \Magento\Framework\Exception\LocalizedException
      */
     protected function _validateFile()
     {
@@ -251,8 +282,7 @@ protected function _validateFile()
 
         $fileExtension = pathinfo($filePath, PATHINFO_EXTENSION);
         if (!$this->checkAllowedExtension($fileExtension)) {
-            $this->_directory->delete($filePath);
-            throw new \Exception('Disallowed file type.');
+            throw new \Magento\Framework\Exception\LocalizedException(__('Disallowed file type.'));
         }
         //run validate callbacks
         foreach ($this->_validateCallbacks as $params) {
@@ -356,6 +386,7 @@ protected function _moveFile($tmpPath, $destPath)
      */
     protected function chmod($file)
     {
+        //phpcs:ignore Squiz.PHP.NonExecutableCode.ReturnNotRequired
         return;
     }
 }