magento
diff --git a/‎app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php
Lines changed: 3 additions & 3 deletions b/‎app/code/Magento/Customer/Plugin/Webapi/Controller/Rest/ValidateCustomerData.php
Lines changed: 3 additions & 3 deletions
diff --git a/‎app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php
Lines changed: 21 additions & 13 deletions b/‎app/code/Magento/Customer/Test/Unit/Plugin/Webapi/Controller/Rest/ValidateCustomerDataTest.php
Lines changed: 21 additions & 13 deletions
diff --git a/‎app/code/Magento/EncryptionKey/Model/ResourceModel/Key/Change.php
Lines changed: 38 additions & 28 deletions b/‎app/code/Magento/EncryptionKey/Model/ResourceModel/Key/Change.php
Lines changed: 38 additions & 28 deletions
diff --git a/‎app/code/Magento/EncryptionKey/Test/Unit/Model/ResourceModel/Key/ChangeTest.php
Lines changed: 7 additions & 3 deletions b/‎app/code/Magento/EncryptionKey/Test/Unit/Model/ResourceModel/Key/ChangeTest.php
Lines changed: 7 additions & 3 deletions
diff --git a/‎app/code/Magento/PageCache/Controller/Block.php
Lines changed: 22 additions & 1 deletion b/‎app/code/Magento/PageCache/Controller/Block.php
Lines changed: 22 additions & 1 deletion
diff --git a/‎app/code/Magento/PageCache/etc/adminhtml/system.xml
Lines changed: 4 additions & 0 deletions b/‎app/code/Magento/PageCache/etc/adminhtml/system.xml
Lines changed: 4 additions & 0 deletions
diff --git a/‎app/code/Magento/PageCache/etc/config.xml
Lines changed: 1 addition & 0 deletions b/‎app/code/Magento/PageCache/etc/config.xml
Lines changed: 1 addition & 0 deletions
diff --git a/‎app/code/Magento/PageCache/etc/di.xml
Lines changed: 1 addition & 0 deletions b/‎app/code/Magento/PageCache/etc/di.xml
Lines changed: 1 addition & 0 deletions
@@ -28,8 +28,8 @@ class ValidateCustomerData
      */
     public function beforeOverride(ParamsOverrider $subject, array $inputData, array $parameters): array
     {
-        if (isset($inputData[self:: CUSTOMER_KEY])) {
-            $inputData[self:: CUSTOMER_KEY] = $this->validateInputData($inputData[self:: CUSTOMER_KEY]);
+        if (isset($inputData[self::CUSTOMER_KEY])) {
+            $inputData[self::CUSTOMER_KEY] = $this->validateInputData($inputData[self::CUSTOMER_KEY]);
         }
         return [$inputData, $parameters];
     }
@@ -45,7 +45,7 @@ private function validateInputData(array $inputData): array
         $result = [];
 
         $data = array_filter($inputData, function ($k) use (&$result) {
-            $key = is_string($k) ? strtolower($k) : $k;
+            $key = is_string($k) ? strtolower(str_replace('_', "", $k)) : $k;
             return !isset($result[$key]) && ($result[$key] = true);
         }, ARRAY_FILTER_USE_KEY);
 
 
@@ -8,8 +8,8 @@
 namespace Magento\Customer\Test\Unit\Plugin\Webapi\Controller\Rest;
 
 use Exception;
-use Magento\Framework\App\ObjectManager;
 use Magento\Customer\Plugin\Webapi\Controller\Rest\ValidateCustomerData;
+use Magento\Framework\App\ObjectManager;
 use PHPUnit\Framework\TestCase;
 use ReflectionClass;
 
@@ -75,40 +75,48 @@ public function dataProviderInputData(): array
     {
         return [
             [
-                ['customer' =>
-                    [
+                ['customer' => [
                         'id' => -1,
                         'Id' => 1,
-                        'name' =>
-                            [
+                        'name' => [
                                 'firstName' => 'Test',
                                 'LastName' => 'user'
                             ],
                         'isHavingOwnHouse' => 1,
-                        'address' =>
-                            [
+                        'address' => [
                                 'street' => '1st Street',
                                 'Street' => '3rd Street',
                                 'city' => 'London'
                             ],
                     ]
                 ],
-                ['customer' =>
-                    [
+                ['customer' => [
                         'id' => -1,
-                        'name' =>
-                            [
+                        'name' => [
                                 'firstName' => 'Test',
                                 'LastName' => 'user'
                             ],
                         'isHavingOwnHouse' => 1,
-                        'address' =>
-                            [
+                        'address' => [
                                 'street' => '1st Street',
                                 'city' => 'London'
                             ],
                     ]
                 ],
+                ['customer' => [
+                    'id' => -1,
+                    '_Id' => 1,
+                    'name' => [
+                        'firstName' => 'Test',
+                        'LastName' => 'user'
+                    ],
+                    'isHavingOwnHouse' => 1,
+                    'address' => [
+                        'street' => '1st Street',
+                        'city' => 'London'
+                    ],
+                ]
+                ],
             ]
         ];
     }
 
@@ -5,10 +5,22 @@
  */
 namespace Magento\EncryptionKey\Model\ResourceModel\Key;
 
+use \Exception;
+use Magento\Config\Model\Config\Backend\Encrypted;
+use Magento\Config\Model\Config\Structure;
+use Magento\Framework\App\DeploymentConfig\Writer;
 use Magento\Framework\App\Filesystem\DirectoryList;
 use Magento\Framework\Config\ConfigOptionsListConstants;
 use Magento\Framework\Config\Data\ConfigData;
 use Magento\Framework\Config\File\ConfigFilePool;
+use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\Framework\Exception\FileSystemException;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Directory\WriteInterface;
+use Magento\Framework\Math\Random;
+use Magento\Framework\Model\ResourceModel\Db\AbstractDb;
+use Magento\Framework\Model\ResourceModel\Db\Context;
 
 /**
  * Encryption key changer resource model
@@ -19,60 +31,60 @@
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  * @since 100.0.2
  */
-class Change extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
+class Change extends AbstractDb
 {
     /**
      * Encryptor interface
      *
-     * @var \Magento\Framework\Encryption\EncryptorInterface
+     * @var EncryptorInterface
      */
     protected $encryptor;
 
     /**
      * Filesystem directory write interface
      *
-     * @var \Magento\Framework\Filesystem\Directory\WriteInterface
+     * @var WriteInterface
      */
     protected $directory;
 
     /**
      * System configuration structure
      *
-     * @var \Magento\Config\Model\Config\Structure
+     * @var Structure
      */
     protected $structure;
 
     /**
      * Configuration writer
      *
-     * @var \Magento\Framework\App\DeploymentConfig\Writer
+     * @var Writer
      */
     protected $writer;
 
     /**
-     * Random
+     * Random string generator
      *
-     * @var \Magento\Framework\Math\Random
+     * @var Random
      * @since 100.0.4
      */
     protected $random;
 
     /**
-     * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
-     * @param \Magento\Framework\Filesystem $filesystem
-     * @param \Magento\Config\Model\Config\Structure $structure
-     * @param \Magento\Framework\Encryption\EncryptorInterface $encryptor
-     * @param \Magento\Framework\App\DeploymentConfig\Writer $writer
-     * @param \Magento\Framework\Math\Random $random
+     * @param Context $context
+     * @param Filesystem $filesystem
+     * @param Structure $structure
+     * @param EncryptorInterface $encryptor
+     * @param Writer $writer
+     * @param Random $random
      * @param string $connectionName
      */
     public function __construct(
-        \Magento\Framework\Model\ResourceModel\Db\Context $context,
-        \Magento\Framework\Filesystem $filesystem,
-        \Magento\Config\Model\Config\Structure $structure,
-        \Magento\Framework\Encryption\EncryptorInterface $encryptor,
-        \Magento\Framework\App\DeploymentConfig\Writer $writer,
-        \Magento\Framework\Math\Random $random,
+        Context $context,
+        Filesystem $filesystem,
+        Structure $structure,
+        EncryptorInterface $encryptor,
+        Writer $writer,
+        Random $random,
         $connectionName = null
     ) {
         $this->encryptor = clone $encryptor;
@@ -98,20 +110,18 @@ protected function _construct()
      *
      * @param string|null $key
      * @return null|string
-     * @throws \Exception
+     * @throws FileSystemException|LocalizedException|Exception
      */
     public function changeEncryptionKey($key = null)
     {
         // prepare new key, encryptor and new configuration segment
         if (!$this->writer->checkIfWritable()) {
-            throw new \Exception(__('Deployment configuration file is not writable.'));
+            throw new FileSystemException(__('Deployment configuration file is not writable.'));
         }
 
         if (null === $key) {
-            // md5() here is not for cryptographic use. It used for generate encryption key itself
-            // and do not encrypt any passwords
-            // phpcs:ignore Magento2.Security.InsecureFunction
-            $key = md5($this->random->getRandomString(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE));
+            $key = ConfigOptionsListConstants::STORE_KEY_ENCODED_RANDOM_STRING_PREFIX .
+                $this->random->getRandomBytes(ConfigOptionsListConstants::STORE_KEY_RANDOM_STRING_SIZE);
         }
         $this->encryptor->setNewKey($key);
 
@@ -128,7 +138,7 @@ public function changeEncryptionKey($key = null)
             $this->writer->saveConfig($configData);
             $this->commit();
             return $key;
-        } catch (\Exception $e) {
+        } catch (LocalizedException $e) {
             $this->rollBack();
             throw $e;
         }
@@ -142,11 +152,11 @@ public function changeEncryptionKey($key = null)
     protected function _reEncryptSystemConfigurationValues()
     {
         // look for encrypted node entries in all system.xml files
-        /** @var \Magento\Config\Model\Config\Structure $configStructure  */
+        /** @var Structure $configStructure  */
         $configStructure = $this->structure;
         $paths = $configStructure->getFieldPathsByAttribute(
             'backend_model',
-            \Magento\Config\Model\Config\Backend\Encrypted::class
+            Encrypted::class
         );
 
         // walk through found data and re-encrypt it
 
@@ -11,6 +11,7 @@
 use Magento\EncryptionKey\Model\ResourceModel\Key\Change;
 use Magento\Framework\App\DeploymentConfig\Writer;
 use Magento\Framework\App\ResourceConnection;
+use Magento\Framework\Config\ConfigOptionsListConstants;
 use Magento\Framework\DB\Adapter\AdapterInterface;
 use Magento\Framework\DB\Select;
 use Magento\Framework\Encryption\EncryptorInterface;
@@ -148,16 +149,19 @@ private function setUpChangeEncryptionKey()
     public function testChangeEncryptionKey()
     {
         $this->setUpChangeEncryptionKey();
-        $this->randomMock->expects($this->never())->method('getRandomString');
+        $this->randomMock->expects($this->never())->method('getRandomBytes');
         $key = 'key';
         $this->assertEquals($key, $this->model->changeEncryptionKey($key));
     }
 
     public function testChangeEncryptionKeyAutogenerate()
     {
         $this->setUpChangeEncryptionKey();
-        $this->randomMock->expects($this->once())->method('getRandomString')->willReturn('abc');
-        $this->assertEquals(hash('md5', 'abc'), $this->model->changeEncryptionKey());
+        $this->randomMock->expects($this->once())->method('getRandomBytes')->willReturn('abc');
+        $this->assertEquals(
+            ConfigOptionsListConstants::STORE_KEY_ENCODED_RANDOM_STRING_PREFIX . 'abc',
+            $this->model->changeEncryptionKey()
+        );
     }
 
     public function testChangeEncryptionKeyThrowsException()
 
@@ -4,13 +4,16 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\PageCache\Controller;
 
 use Magento\Framework\Serialize\Serializer\Base64Json;
 use Magento\Framework\Serialize\Serializer\Json;
 use Magento\Framework\Validator\RegexFactory;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\View\Layout\LayoutCacheKeyInterface;
+use Magento\Framework\App\Config\ScopeConfigInterface;
 
 abstract class Block extends \Magento\Framework\App\Action\Action
 {
@@ -51,21 +54,33 @@ abstract class Block extends \Magento\Framework\App\Action\Action
      */
     private const VALIDATION_RULE_PATTERN = '/^[a-z0-9]+[a-z0-9_]*$/i';
 
+    /**
+     * @var ScopeConfigInterface
+     */
+    private $config;
+
+    /**
+     * Handle size system name
+     */
+    private const XML_HANDLES_SIZE = 'system/full_page_cache/handles_size';
+
     /**
      * @param \Magento\Framework\App\Action\Context $context
      * @param \Magento\Framework\Translate\InlineInterface $translateInline
      * @param Json $jsonSerializer
      * @param Base64Json $base64jsonSerializer
      * @param LayoutCacheKeyInterface $layoutCacheKey
      * @param RegexFactory|null $regexValidatorFactory
+     * @param ScopeConfigInterface|null $scopeConfig
      */
     public function __construct(
         \Magento\Framework\App\Action\Context $context,
         \Magento\Framework\Translate\InlineInterface $translateInline,
         Json $jsonSerializer = null,
         Base64Json $base64jsonSerializer = null,
         LayoutCacheKeyInterface $layoutCacheKey = null,
-        ?RegexFactory $regexValidatorFactory = null
+        ?RegexFactory $regexValidatorFactory = null,
+        ScopeConfigInterface $scopeConfig = null
     ) {
         parent::__construct($context);
         $this->translateInline = $translateInline;
@@ -77,6 +92,7 @@ public function __construct(
             ?: ObjectManager::getInstance()->get(LayoutCacheKeyInterface::class);
         $this->regexValidatorFactory = $regexValidatorFactory
             ?: ObjectManager::getInstance()->get(RegexFactory::class);
+        $this->config = $scopeConfig;
     }
 
     /**
@@ -94,6 +110,11 @@ protected function _getBlocks()
         }
         $blocks = $this->jsonSerializer->unserialize($blocks);
         $handles = $this->base64jsonSerializer->unserialize($handles);
+
+        $handleSize = (int) $this->config->getValue(self::XML_HANDLES_SIZE);
+        $handles = ($handleSize && count($handles) > $handleSize)
+            ? array_splice($handles, 0, $handleSize) : $handles;
+
         if (!$this->validateHandleParam($handles)) {
             return [];
         }
 
@@ -78,6 +78,10 @@
                     <comment>Public content cache lifetime in seconds. If field is empty default value 86400 will be saved. </comment>
                     <backend_model>Magento\PageCache\Model\System\Config\Backend\Ttl</backend_model>
                 </field>
+                <field id="handles_size" type="text" translate="label comment" sortOrder="5" showInDefault="1" canRestore="1">
+                    <label>Handles params size</label>
+                    <comment>Handles params size. For better performance use handles parameter size between 50 and 100. </comment>
+                </field>
             </group>
         </section>
     </system>
 
@@ -24,6 +24,7 @@
                     <path>varnish4.vcl</path>
                 </varnish4>
                 <ttl>86400</ttl>
+                <handles_size>100</handles_size>
                 <caching_application>1</caching_application>
                 <default>
                     <access_list>localhost</access_list>
 
@@ -35,6 +35,7 @@
     <type name="Magento\PageCache\Controller\Block">
         <arguments>
             <argument name="layoutCacheKey" xsi:type="object">Magento\Framework\View\Layout\LayoutCacheKeyInterface</argument>
+            <argument name="scopeConfig" xsi:type="object">Magento\Framework\App\Config\ScopeConfigInterface\Proxy</argument>
         </arguments>
     </type>
     <type name="Magento\Framework\App\Cache\RuntimeStaleCacheStateModifier">
Original file line number	Diff line number	Diff line change
`@@ -28,8 +28,8 @@ class ValidateCustomerData`
`28`	`28`	`*/`
`29`	`29`	`public function beforeOverride(ParamsOverrider $subject, array $inputData, array $parameters): array`
`30`	`30`	`{`
`31`		`- if (isset($inputData[self:: CUSTOMER_KEY])) {`
`32`		`- $inputData[self:: CUSTOMER_KEY] = $this->validateInputData($inputData[self:: CUSTOMER_KEY]);`
	`31`	`+ if (isset($inputData[self::CUSTOMER_KEY])) {`
	`32`	`+ $inputData[self::CUSTOMER_KEY] = $this->validateInputData($inputData[self::CUSTOMER_KEY]);`
`33`	`33`	`}`
`34`	`34`	`return [$inputData, $parameters];`
`35`	`35`	`}`
`@@ -45,7 +45,7 @@ private function validateInputData(array $inputData): array`
`45`	`45`	`$result = [];`
`46`	`46`
`47`	`47`	`$data = array_filter($inputData, function ($k) use (&$result) {`
`48`		`- $key = is_string($k) ? strtolower($k) : $k;`
	`48`	`+ $key = is_string($k) ? strtolower(str_replace('_', "", $k)) : $k;`
`49`	`49`	`return !isset($result[$key]) && ($result[$key] = true);`
`50`	`50`	`}, ARRAY_FILTER_USE_KEY);`
`51`	`51`