Merge remote-tracking branch 'arcticfoxes/MC-15385' into 2.3-qwerty-pr

Joan He · Joan He · commit 18fca4569c9c · 2019-04-23T11:32:21.000-05:00
diff --git a/app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php b/app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php
@@ -328,6 +328,7 @@ public function getFilesCollection($path, $type = null)
             $item->setName($item->getBasename());
             $item->setShortName($this->_cmsWysiwygImages->getShortFilename($item->getBasename()));
             $item->setUrl($this->_cmsWysiwygImages->getCurrentUrl() . $item->getBasename());
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $item->setSize(filesize($item->getFilename()));
             $item->setMimeType(\mime_content_type($item->getFilename()));
 
@@ -338,6 +339,7 @@ public function getFilesCollection($path, $type = null)
                     $thumbUrl = $this->_backendUrl->getUrl('cms/*/thumbnail', ['file' => $item->getId()]);
                 }
 
+                // phpcs:ignore Generic.PHP.NoSilencedErrors
                 $size = @getimagesize($item->getFilename());
 
                 if (is_array($size)) {
@@ -413,6 +415,7 @@ public function createDirectory($name, $path)
                 'id' => $this->_cmsWysiwygImages->convertPathToId($newPath),
             ];
             return $result;
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\Exception\FileSystemException $e) {
             throw new \Magento\Framework\Exception\LocalizedException(__('We cannot create a new directory.'));
         }
@@ -421,7 +424,7 @@ public function createDirectory($name, $path)
     /**
      * Recursively delete directory from storage
      *
-     * @param string $path Target dir
+     * @param string $path Absolute path to target directory
      * @return void
      * @throws \Magento\Framework\Exception\LocalizedException
      */
@@ -430,12 +433,20 @@ public function deleteDirectory($path)
         if ($this->_coreFileStorageDb->checkDbUsage()) {
             $this->_directoryDatabaseFactory->create()->deleteDirectory($path);
         }
+        if (!$this->isPathAllowed($path, $this->getConditionsForExcludeDirs())) {
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We cannot delete directory %1.', $this->_getRelativePathToRoot($path))
+            );
+        }
         try {
             $this->_deleteByPath($path);
             $path = $this->getThumbnailRoot() . $this->_getRelativePathToRoot($path);
             $this->_deleteByPath($path);
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\Exception\FileSystemException $e) {
-            throw new \Magento\Framework\Exception\LocalizedException(__('We cannot delete directory %1.', $path));
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We cannot delete directory %1.', $this->_getRelativePathToRoot($path))
+            );
         }
     }
 
@@ -482,13 +493,18 @@ public function deleteFile($target)
     /**
      * Upload and resize new file
      *
-     * @param string $targetPath Target directory
+     * @param string $targetPath Absolute path to target directory
      * @param string $type Type of storage, e.g. image, media etc.
      * @return array File info Array
      * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function uploadFile($targetPath, $type = null)
     {
+        if (!$this->isPathAllowed($targetPath, $this->getConditionsForExcludeDirs())) {
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We can\'t upload the file to current folder right now. Please try another folder.')
+            );
+        }
         /** @var \Magento\MediaStorage\Model\File\Uploader $uploader */
         $uploader = $this->_uploaderFactory->create(['fileId' => 'image']);
         $allowed = $this->getAllowedExtensions($type);
@@ -589,6 +605,7 @@ public function resizeFile($source, $keepRatio = true)
         $image->open($source);
         $image->keepAspectRatio($keepRatio);
         $image->resize($this->_resizeParameters['width'], $this->_resizeParameters['height']);
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $dest = $targetDir . '/' . pathinfo($source, PATHINFO_BASENAME);
         $image->save($dest);
         if ($this->_directory->isFile($this->_directory->getRelativePath($dest))) {
@@ -624,6 +641,7 @@ public function getThumbsPath($filePath = false)
         $thumbnailDir = $this->getThumbnailRoot();
 
         if ($filePath && strpos($filePath, $mediaRootDir) === 0) {
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $thumbnailDir .= dirname(substr($filePath, strlen($mediaRootDir)));
         }
 
@@ -674,6 +692,7 @@ public function isImage($filename)
         if (!$this->hasData('_image_extensions')) {
             $this->setData('_image_extensions', $this->getAllowedExtensions('image'));
         }
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
         return in_array($ext, $this->_getData('_image_extensions'));
     }
@@ -784,4 +803,29 @@ private function getExtensionsList($type = null): array
 
         return $allowed;
     }
+
+    /**
+     * Check if path is not in excluded dirs.
+     *
+     * @param string $path Absolute path
+     * @param array $conditions Exclude conditions
+     * @return bool
+     */
+    private function isPathAllowed($path, array $conditions): bool
+    {
+        $isAllowed = true;
+        $regExp = $conditions['reg_exp'] ? '~' . implode('|', array_keys($conditions['reg_exp'])) . '~i' : null;
+        $storageRoot = $this->_cmsWysiwygImages->getStorageRoot();
+        $storageRootLength = strlen($storageRoot);
+
+        $mediaSubPathname = substr($path, $storageRootLength);
+        $rootChildParts = explode('/', '/' . ltrim($mediaSubPathname, '/'));
+
+        if (array_key_exists($rootChildParts[1], $conditions['plain'])
+            || ($regExp && preg_match($regExp, $path))) {
+            $isAllowed = false;
+        }
+
+        return $isAllowed;
+    }
 }
diff --git a/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php b/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
@@ -18,7 +18,7 @@ class StorageTest extends \PHPUnit\Framework\TestCase
     /**
      * Directory paths samples
      */
-    const STORAGE_ROOT_DIR = '/storage/root/dir';
+    const STORAGE_ROOT_DIR = '/storage/root/dir/';
 
     const INVALID_DIRECTORY_OVER_ROOT = '/storage/some/another/dir';
 
@@ -437,10 +437,11 @@ protected function generalTestGetDirsCollection($path, $collectionArray = [], $e
 
     public function testUploadFile()
     {
-        $targetPath = '/target/path';
+        $path = 'target/path';
+        $targetPath = self::STORAGE_ROOT_DIR . $path;
         $fileName = 'image.gif';
         $realPath = $targetPath . '/' . $fileName;
-        $thumbnailTargetPath = self::STORAGE_ROOT_DIR . '/.thumbs';
+        $thumbnailTargetPath = self::STORAGE_ROOT_DIR . '/.thumbs' . $path;
         $thumbnailDestination = $thumbnailTargetPath . '/' . $fileName;
         $type = 'image';
         $result = [
diff --git a/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolderTest.php b/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolderTest.php
@@ -7,6 +7,7 @@
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
 use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\App\Response\HttpFactory as ResponseFactory;
 
 /**
  * Test for \Magento\Cms\Controller\Adminhtml\Wysiwyg\Images\DeleteFolder class.
@@ -38,6 +39,11 @@ class DeleteFolderTest extends \PHPUnit\Framework\TestCase
      */
     private $filesystem;
 
+    /**
+     * @var HttpFactory
+     */
+    private $responseFactory;
+
     /**
      * @inheritdoc
      */
@@ -49,6 +55,7 @@ protected function setUp()
         /** @var \Magento\Cms\Helper\Wysiwyg\Images $imagesHelper */
         $this->imagesHelper = $objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class);
         $this->fullDirectoryPath = $this->imagesHelper->getStorageRoot();
+        $this->responseFactory = $objectManager->get(ResponseFactory::class);
         $this->model = $objectManager->get(\Magento\Cms\Controller\Adminhtml\Wysiwyg\Images\DeleteFolder::class);
     }
 
@@ -83,6 +90,7 @@ public function testExecute()
      * can be removed.
      *
      * @magentoDataFixture Magento/Cms/_files/linked_media.php
+     * @magentoAppIsolation enabled
      */
     public function testExecuteWithLinkedMedia()
     {
@@ -106,6 +114,7 @@ public function testExecuteWithLinkedMedia()
      * under media directory.
      *
      * @return void
+     * @magentoAppIsolation enabled
      */
     public function testExecuteWithWrongDirectoryName()
     {
@@ -116,6 +125,31 @@ public function testExecuteWithWrongDirectoryName()
         $this->assertFileExists($this->fullDirectoryPath . $directoryName);
     }
 
+    /**
+     * Execute method to check that there is no ability to remove folder which is in excluded directories list.
+     *
+     * @return void
+     * @magentoAppIsolation enabled
+     */
+    public function testExecuteWithExcludedDirectoryName()
+    {
+        $directoryName = 'downloadable';
+        $expectedResponseMessage = 'We cannot delete directory /downloadable.';
+        $mediaDirectory = $this->filesystem->getDirectoryWrite(DirectoryList::MEDIA);
+        $mediaDirectory->create($directoryName);
+        $this->assertFileExists($this->fullDirectoryPath . $directoryName);
+
+        $this->model->getRequest()->setParams(['node' => $this->imagesHelper->idEncode($directoryName)]);
+        $this->model->getRequest()->setMethod('POST');
+        $jsonResponse = $this->model->execute();
+        $jsonResponse->renderResult($response = $this->responseFactory->create());
+        $data = json_decode($response->getBody(), true);
+
+        $this->assertTrue($data['error']);
+        $this->assertEquals($expectedResponseMessage, $data['message']);
+        $this->assertFileExists($this->fullDirectoryPath . $directoryName);
+    }
+
     /**
      * @inheritdoc
      */
@@ -128,5 +162,8 @@ public static function tearDownAfterClass()
         if ($directory->isExist('wysiwyg')) {
             $directory->delete('wysiwyg');
         }
+        if ($directory->isExist('downloadable')) {
+            $directory->delete('downloadable');
+        }
     }
 }
diff --git a/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/UploadTest.php b/dev/tests/integration/testsuite/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/UploadTest.php
@@ -33,6 +33,11 @@ class UploadTest extends \PHPUnit\Framework\TestCase
      */
     private $fullDirectoryPath;
 
+    /**
+     * @var string
+     */
+    private $fullExcludedDirectoryPath;
+
     /**
      * @var string
      */
@@ -60,11 +65,13 @@ protected function setUp()
     {
         $this->objectManager = \Magento\TestFramework\Helper\Bootstrap::getObjectManager();
         $directoryName = 'directory1';
+        $excludedDirName = 'downloadable';
         $this->filesystem = $this->objectManager->get(\Magento\Framework\Filesystem::class);
         /** @var \Magento\Cms\Helper\Wysiwyg\Images $imagesHelper */
         $imagesHelper = $this->objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class);
         $this->mediaDirectory = $this->filesystem->getDirectoryWrite(DirectoryList::MEDIA);
         $this->fullDirectoryPath = $imagesHelper->getStorageRoot() . DIRECTORY_SEPARATOR . $directoryName;
+        $this->fullExcludedDirectoryPath = $imagesHelper->getStorageRoot() . DIRECTORY_SEPARATOR . $excludedDirName;
         $this->mediaDirectory->create($this->mediaDirectory->getRelativePath($this->fullDirectoryPath));
         $this->responseFactory = $this->objectManager->get(ResponseFactory::class);
         $this->model = $this->objectManager->get(\Magento\Cms\Controller\Adminhtml\Wysiwyg\Images\Upload::class);
@@ -115,6 +122,34 @@ public function testExecute()
         $this->assertEquals($keys, $dataKeys);
     }
 
+    /**
+     * Execute method with excluded directory path and file name to check that file can't be uploaded.
+     *
+     * @return void
+     * @magentoAppIsolation enabled
+     */
+    public function testExecuteWithExcludedDirectory()
+    {
+        $expectedError = 'We can\'t upload the file to current folder right now. Please try another folder.';
+        $this->model->getRequest()->setParams(['type' => 'image/png']);
+        $this->model->getRequest()->setMethod('POST');
+        $this->model->getStorage()->getSession()->setCurrentPath($this->fullExcludedDirectoryPath);
+        /** @var JsonResponse $jsonResponse */
+        $jsonResponse = $this->model->execute();
+        /** @var Response $response */
+        $jsonResponse->renderResult($response = $this->responseFactory->create());
+        $data = json_decode($response->getBody(), true);
+
+        $this->assertEquals($expectedError, $data['error']);
+        $this->assertFalse(
+            $this->mediaDirectory->isExist(
+                $this->mediaDirectory->getRelativePath(
+                    $this->fullExcludedDirectoryPath . DIRECTORY_SEPARATOR . $this->fileName
+                )
+            )
+        );
+    }
+
     /**
      * Execute method with correct directory path and file name to check that file can be uploaded to the directory
      * located under linked folder.
diff --git a/dev/tests/integration/testsuite/Magento/Cms/Model/Wysiwyg/Images/StorageTest.php b/dev/tests/integration/testsuite/Magento/Cms/Model/Wysiwyg/Images/StorageTest.php
@@ -107,6 +107,31 @@ public function testGetThumbsPath(): void
         );
     }
 
+    /**
+     * @return void
+     */
+    public function testDeleteDirectory(): void
+    {
+        $path = $this->objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class)->getCurrentPath();
+        $dir = 'testDeleteDirectory';
+        $fullPath = $path . $dir;
+        $this->storage->createDirectory($dir, $path);
+        $this->assertFileExists($fullPath);
+        $this->storage->deleteDirectory($fullPath);
+        $this->assertFileNotExists($fullPath);
+    }
+
+    /**
+     * @return void
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     * @expectedExceptionMessage We cannot delete directory /downloadable.
+     */
+    public function testDeleteDirectoryWithExcludedDirPath(): void
+    {
+        $dir = $this->objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class)->getCurrentPath() . 'downloadable';
+        $this->storage->deleteDirectory($dir);
+    }
+
     /**
      * @return void
      */
@@ -126,11 +151,39 @@ public function testUploadFile(): void
             'error' => 0,
             'size' => 12500,
         ];
+
         $this->storage->uploadFile(self::$_baseDir);
         $this->assertTrue(is_file(self::$_baseDir . DIRECTORY_SEPARATOR . $fileName));
         // phpcs:enable
     }
 
+    /**
+     * @return void
+     * @expectedException \Magento\Framework\Exception\LocalizedException
+     * @expectedExceptionMessage We can't upload the file to current folder right now. Please try another folder.
+     */
+    public function testUploadFileWithExcludedDirPath(): void
+    {
+        $fileName = 'magento_small_image.jpg';
+        $tmpDirectory = $this->filesystem->getDirectoryWrite(\Magento\Framework\App\Filesystem\DirectoryList::SYS_TMP);
+        $filePath = $tmpDirectory->getAbsolutePath($fileName);
+        // phpcs:disable
+        $fixtureDir = realpath(__DIR__ . '/../../../../Catalog/_files');
+        copy($fixtureDir . DIRECTORY_SEPARATOR . $fileName, $filePath);
+
+        $_FILES['image'] = [
+            'name' => $fileName,
+            'type' => 'image/jpeg',
+            'tmp_name' => $filePath,
+            'error' => 0,
+            'size' => 12500,
+        ];
+
+        $dir = $this->objectManager->get(\Magento\Cms\Helper\Wysiwyg\Images::class)->getCurrentPath() . 'downloadable';
+        $this->storage->uploadFile($dir);
+        // phpcs:enable
+    }
+
     /**
      * @param string $fileName
      * @param string $fileType
