Merge remote-tracking branch 'upstream/develop' into MAGETWO-56133-unsecure-functions

Author: Igor Melnikov

app/code/Magento/Authorizenet/view/adminhtml/templates/directpost/info.phtml

@@ -35,8 +35,12 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
         </label>
         <div class="admin__field-control">
             <select id="<?php /* @noEscape */ echo $code; ?>_cc_type" name="payment[cc_type]"
-                    class="required-entry validate-cc-type-select admin__control-select">
-                <option value=""></option>
+                    class="admin__control-select"
+                    data-validate="{
+                        'required':true,
+                        'validate-cc-type-select':'#<?php /* @noEscape */ echo $code; ?>_cc_number'
+                        }">
+                <option value=""><?php echo $block->escapeHtml(__('Please Select')); ?></option>
                 <?php foreach ($block->getCcAvailableTypes() as $typeCode => $typeName): ?>
                     <option value="<?php echo $block->escapeHtml($typeCode); ?>"
                             <?php if ($typeCode == $ccType): ?>selected="selected"<?php endif; ?>>
@@ -46,27 +50,37 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             </select>
         </div>
     </div>
+
     <div class="admin__field _required">
         <label for="<?php /* @noEscape */ echo $code; ?>_cc_number" class="admin__field-label">
             <span><?php echo $block->escapeHtml(__('Credit Card Number')); ?></span>
         </label>
-
         <div class="admin__field-control">
             <input type="text" id="<?php /* @noEscape */ echo $code; ?>_cc_number"
                    name="payment[cc_number]"
-                   class="input-text required-entry validate-cc-number admin__control-text"
+                   data-validate="{
+                       'required-number':true,
+                       'validate-cc-number':'#<?php /* @noEscape */ echo $code; ?>_cc_type',
+                       'validate-cc-type':'#<?php /* @noEscape */ echo $code; ?>_cc_type'
+                   }"
+                   class="admin__control-text"
                    value="<?php /* @noEscape */ echo $block->getInfoData('cc_number'); ?>"/>
         </div>
     </div>
-    <div class="admin__field _required">
+
+    <div class="admin__field _required field-date" id="<?php /* @noEscape */ echo $code; ?>_cc_type_exp_div">
         <label for="<?php /* @noEscape */ echo $code; ?>_expiration" class="admin__field-label">
             <span><?php echo $block->escapeHtml(__('Expiration Date')); ?></span>
         </label>
 
         <div class="admin__field-control">
             <select id="<?php /* @noEscape */ echo $code; ?>_expiration"
                     name="payment[cc_exp_month]"
-                    class="validate-cc-exp required-entry admin__control-select admin__control-select-month">
+                    class="admin__control-select admin__control-select-month"
+                    data-validate="{
+                        'required':true,
+                        'validate-cc-exp':'#<?php /* @noEscape */ echo $code; ?>_expiration_yr'
+                        }">
                 <?php foreach ($block->getCcMonths() as $k => $v): ?>
                     <option value="<?php echo $block->escapeHtml($k); ?>"
                             <?php if ($k == $ccExpMonth): ?>selected="selected"<?php endif; ?>>
@@ -76,7 +90,9 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             </select>
             <select id="<?php /* @noEscape */ echo $code; ?>_expiration_yr"
                     name="payment[cc_exp_year]"
-                    class="required-entry admin__control-select admin__control-select-year">
+                    class="admin__control-select admin__control-select-year"
+                    data-container="<?php /* @noEscape */ echo $code; ?>-cc-year"
+                    data-validate="{required:true}">
                 <?php foreach ($block->getCcYears() as $k => $v): ?>
                     <option value="<?php /* @noEscape */ echo $k ? $block->escapeHtml($k) : ''; ?>"
                             <?php if ($k == $ccExpYear): ?>selected="selected"<?php endif; ?>>
@@ -86,17 +102,27 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
             </select>
         </div>
     </div>
+
     <?php if ($block->hasVerification()): ?>
-    <div class="admin__field _required">
-        <label for="<?php /* @noEscape */ echo $code; ?>_cc_cid">
+    <div class="admin__field _required field-cvv">
+        <label class="admin__field-label"
+               for="<?php /* @noEscape */ echo $code; ?>_cc_cid"
+               id="<?php /* @noEscape */ echo $code; ?>_cc_type_cvv_div">
             <span><?php echo $block->escapeHtml(__('Card Verification Number')); ?></span>
         </label>
 
         <div class="admin__field-control">
             <input type="text"
-                   class="required-entry input-text validate-cc-cvn admin__control-text"
+                   data-container="<?php /* @noEscape */ echo $code; ?>-cc-cvv"
+                   title="<?php echo $block->escapeHtml(__('Card Verification Number')); ?>"
+                   class="admin__control-text cvv"
                    id="<?php /* @noEscape */ echo $code; ?>_cc_cid" name="payment[cc_cid]"
-                   value="<?php /* @noEscape */ echo $block->getInfoData('cc_cid') ?>"/>
+                   value="<?php /* @noEscape */ echo $block->getInfoData('cc_cid') ?>"
+                   data-validate="{
+                       'required-number':true,
+                       'validate-cc-cvn':'#<?php /* @noEscape */ echo $code; ?>_cc_type'
+                   }"
+                   autocomplete="off"/>
         </div>
     </div>
     <?php endif; ?>
@@ -105,7 +131,7 @@ $ccExpYear = $block->getInfoData('cc_exp_year');
     require([
         'prototype',
         'Magento_Sales/order/create/scripts',
-        "Magento_Sales/order/create/form",
+        'Magento_Sales/order/create/form',
         'Magento_Authorizenet/js/direct-post'
     ], function(){
 

app/code/Magento/Catalog/Helper/Product/Compare.php

@@ -231,6 +231,8 @@ public function getPostDataRemove($product)
         $data = [
             \Magento\Framework\App\ActionInterface::PARAM_NAME_URL_ENCODED => '',
             'product' => $product->getId(),
+            'confirmation' => true,
+            'confirmationMessage' => __('Are you sure you want to remove this item from your Compare Products list?')
         ];
         return $this->postHelper->getPostData($this->getRemoveUrl(), $data);
     }
@@ -254,6 +256,8 @@ public function getPostDataClearList()
     {
         $params = [
             \Magento\Framework\App\ActionInterface::PARAM_NAME_URL_ENCODED => '',
+            'confirmation' => true,
+            'confirmationMessage' => __('Are you sure you want to remove all items from your Compare Products list?'),
         ];
         return $this->postHelper->getPostData($this->getClearListUrl(), $params);
     }

app/code/Magento/Catalog/Model/ResourceModel/Product/Option/Value.php

@@ -33,6 +33,11 @@ class Value extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
      */
     protected $_config;
 
+    /**
+     * @var \Magento\Framework\Locale\FormatInterface
+     */
+    private $localeFormat;
+
     /**
      * Class constructor
      *
@@ -91,8 +96,9 @@ protected function _afterSave(\Magento\Framework\Model\AbstractModel $object)
     protected function _saveValuePrices(\Magento\Framework\Model\AbstractModel $object)
     {
         $priceTable = $this->getTable('catalog_product_option_type_price');
+        $formattedPrice = $this->getLocaleFormatter()->getNumber($object->getPrice());
 
-        $price = (double)sprintf('%F', $object->getPrice());
+        $price = (double)sprintf('%F', $formattedPrice);
         $priceType = $object->getPriceType();
 
         if ($object->getPrice() && $priceType) {
@@ -410,4 +416,19 @@ public function duplicate(\Magento\Catalog\Model\Product\Option\Value $object, $
 
         return $object;
     }
+
+    /**
+     * Get FormatInterface to convert price from string to number format
+     *
+     * @return \Magento\Framework\Locale\FormatInterface
+     * @deprecated
+     */
+    private function getLocaleFormatter()
+    {
+        if ($this->localeFormat === null) {
+            $this->localeFormat = \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Framework\Locale\FormatInterface::class);
+        }
+        return $this->localeFormat;
+    }
 }

app/code/Magento/Catalog/Test/Unit/Helper/Product/CompareTest.php

@@ -115,7 +115,9 @@ public function testGetPostDataRemove()
         $removeUrl = 'catalog/product_compare/remove';
         $postParams = [
             Action::PARAM_NAME_URL_ENCODED => '',
-            'product' => $productId
+            'product' => $productId,
+            'confirmation' => true,
+            'confirmationMessage' => __('Are you sure you want to remove this item from your Compare Products list?'),
         ];
 
         //Verification
@@ -156,7 +158,9 @@ public function testGetPostDataClearList()
         //Data
         $clearUrl = 'catalog/product_compare/clear';
         $postParams = [
-            Action::PARAM_NAME_URL_ENCODED => ''
+            Action::PARAM_NAME_URL_ENCODED => '',
+            'confirmation' => true,
+            'confirmationMessage' => __('Are you sure you want to remove all items from your Compare Products list?'),
         ];
 
         //Verification

app/code/Magento/Catalog/Test/Unit/Model/ProductTest.php

@@ -831,20 +831,6 @@ private function getStatusStockProviderData($extensionAttributesMock)
         ];
     }
 
-    public function testStatusAfterLoad()
-    {
-        $this->resource->expects($this->once())->method('load')->with($this->model, 1, null);
-        $this->eventManagerMock->expects($this->exactly(4))->method('dispatch');
-        $this->model->load(1);
-        $this->assertEquals(
-            Status::STATUS_ENABLED,
-            $this->model->getData(\Magento\Catalog\Model\Product::STATUS)
-        );
-        $this->assertFalse($this->model->hasDataChanges());
-        $this->model->setStatus(Status::STATUS_DISABLED);
-        $this->assertTrue($this->model->hasDataChanges());
-    }
-
     /**
      * Test retrieving price Info
      */

app/code/Magento/Catalog/view/adminhtml/web/js/components/import-handler.js

@@ -4,8 +4,9 @@
  */
 
 define([
+    'underscore',
     'Magento_Ui/js/form/element/textarea'
-], function (Textarea) {
+], function (_, Textarea) {
     'use strict';
 
     return Textarea.extend({
@@ -123,24 +124,21 @@ define([
          * Update field value, if it's allowed
          */
         updateValue: function () {
-            var str = this.mask,
+            var str = this.mask || '',
                 nonEmptyValueFlag = false,
-                placeholder,
-                property,
                 tmpElement;
 
             if (!this.allowImport) {
                 return;
             }
 
-            for (property in this.values) {
-                if (this.values.hasOwnProperty(property)) {
-                    placeholder = '';
-                    placeholder = placeholder.concat('{{', property, '}}');
-                    str = str.replace(placeholder, this.values[property]);
-                    nonEmptyValueFlag = nonEmptyValueFlag || !!this.values[property];
-                }
+            if (str) {
+                _.each(this.values, function (propertyValue, propertyName) {
+                    str = str.replace('{{' + propertyName + '}}', propertyValue);
+                    nonEmptyValueFlag = nonEmptyValueFlag || !!propertyValue;
+                });
             }
+
             // strip tags
             tmpElement = document.createElement('div');
             tmpElement.innerHTML = str;

app/code/Magento/Catalog/view/frontend/requirejs-config.js

@@ -6,7 +6,6 @@
 var config = {
     map: {
         '*': {
-            compareItems:           'Magento_Catalog/js/compare',
             compareList:            'Magento_Catalog/js/list',
             relatedProducts:        'Magento_Catalog/js/related-products',
             upsellProducts:         'Magento_Catalog/js/upsell-products',

app/code/Magento/Catalog/view/frontend/web/js/compare.js

@@ -2,37 +2,32 @@
  * Copyright © 2016 Magento. All rights reserved.
  * See COPYING.txt for license details.
  */
+
 define([
     'uiComponent',
     'Magento_Customer/js/customer-data',
-    'mage/translate'
-], function (Component, customerData) {
+    'jquery',
+    'mage/mage',
+    'mage/decorate'
+], function (Component, customerData, $) {
     'use strict';
 
     var sidebarInitialized = false;
 
+    /**
+     * Initialize sidebar
+     */
     function initSidebar() {
         if (sidebarInitialized) {
             return;
         }
-        sidebarInitialized = true;
-        require([
-            'jquery',
-            'mage/mage'
-        ], function ($) {
-            /*eslint-disable max-len*/
-            $('[data-role=compare-products-sidebar]').mage('compareItems', {
-                'removeConfirmMessage': $.mage.__('Are you sure you want to remove this item from your Compare Products list?'),
-                'removeSelector': '#compare-items a.action.delete',
-                'clearAllConfirmMessage': $.mage.__('Are you sure you want to remove all items from your Compare Products list?'),
-                'clearAllSelector': '#compare-clear-all'
-            });
 
-            /*eslint-enable max-len*/
-        });
+        sidebarInitialized = true;
+        $('[data-role=compare-products-sidebar]').decorate('list', true);
     }
 
     return Component.extend({
+        /** @inheritdoc */
         initialize: function () {
             this._super();
             this.compareProducts = customerData.get('compare-products');

app/code/Magento/Catalog/view/frontend/web/js/view/compare-products.js

@@ -10,7 +10,8 @@ var config = {
             address:            'Magento_Customer/address',
             changeEmailPassword: 'Magento_Customer/change-email-password',
             passwordStrengthIndicator: 'Magento_Customer/js/password-strength-indicator',
-            zxcvbn: 'Magento_Customer/js/zxcvbn'
+            zxcvbn: 'Magento_Customer/js/zxcvbn',
+            addressValidation: 'Magento_Customer/js/addressValidation'
         }
     }
 };