MAGETWO-96921: Minor changes in Product Widget Chooser

Author: SeruyV

app/code/Magento/Catalog/Controller/Adminhtml/Product/Widget/Chooser.php

@@ -1,11 +1,15 @@
 <?php
 /**
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\Catalog\Controller\Adminhtml\Product\Widget;
 
+use Magento\Framework\Exception\NotFoundException;
+
+/**
+ * Chooser Product container Action.
+ */
 class Chooser extends \Magento\Backend\App\Action
 {
     /**
@@ -25,28 +29,41 @@ class Chooser extends \Magento\Backend\App\Action
      */
     protected $layoutFactory;
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\Controller\Result\RawFactory $resultRawFactory
      * @param \Magento\Framework\View\LayoutFactory $layoutFactory
+     * @param \Magento\Framework\Escaper $escaper
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\Framework\Controller\Result\RawFactory $resultRawFactory,
-        \Magento\Framework\View\LayoutFactory $layoutFactory
+        \Magento\Framework\View\LayoutFactory $layoutFactory,
+        \Magento\Framework\Escaper $escaper
     ) {
         parent::__construct($context);
         $this->resultRawFactory = $resultRawFactory;
         $this->layoutFactory = $layoutFactory;
+        $this->escaper = $escaper;
     }
 
     /**
-     * Chooser Source action
+     * Chooser Source action.
      *
      * @return \Magento\Framework\Controller\Result\Raw
+     * @throws \Magento\Framework\Exception\NotFoundException
      */
     public function execute()
     {
+        if (!$this->getRequest()->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
         $uniqId = $this->getRequest()->getParam('uniq_id');
         $massAction = $this->getRequest()->getParam('use_massaction', false);
         $productTypeId = $this->getRequest()->getParam('product_type_id', null);
@@ -57,7 +74,7 @@ public function execute()
             '',
             [
                 'data' => [
-                    'id' => $uniqId,
+                    'id' => $this->escaper->escapeHtml($uniqId),
                     'use_massaction' => $massAction,
                     'product_type_id' => $productTypeId,
                     'category_id' => $this->getRequest()->getParam('category_id'),
@@ -73,7 +90,7 @@ public function execute()
                 '',
                 [
                     'data' => [
-                        'id' => $uniqId . 'Tree',
+                        'id' => $this->escaper->escapeHtml($uniqId) . 'Tree',
                         'node_click_listener' => $productsGrid->getCategoryClickListenerJs(),
                         'with_empty_node' => true,
                     ]
@@ -88,6 +105,7 @@ public function execute()
 
         /** @var \Magento\Framework\Controller\Result\Raw $resultRaw */
         $resultRaw = $this->resultRawFactory->create();
+
         return $resultRaw->setContents($html);
     }
 }

app/code/Magento/Catalog/Test/Unit/Controller/Adminhtml/Product/Widget/ChooserTest.php

@@ -0,0 +1,97 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Catalog\Test\Unit\Controller\Adminhtml\Product\Widget;
+
+use Magento\Catalog\Controller\Adminhtml\Product\Widget\Chooser;
+use Magento\Framework\App\Action\Context;
+use Magento\Framework\Controller\Result\RawFactory;
+use Magento\Framework\View\LayoutFactory;
+use Magento\Framework\App\RequestInterface;
+use Magento\Framework\App\Request\Http;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager as ObjectManagerHelper;
+
+/**
+ * Unit tests for Magento\Catalog\Controller\Adminhtml\Product\Widget\Chooser.
+ */
+class ChooserTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var Chooser
+     */
+    private $controller;
+
+    /**
+     * @var Context|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $contextMock;
+
+    /**
+     * @var RawFactory|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $rawFactoryMock;
+
+    /**
+     * @var LayoutFactory|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $layoutFactoryMock;
+
+    /**
+     * @var RequestInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $requestInterfaceMock;
+
+    /**
+     * @var Http|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $requestMock;
+
+    /**
+     * @inheritdoc
+     */
+    protected function setUp()
+    {
+        $objectManagerHelper = new ObjectManagerHelper($this);
+
+        $this->contextMock = $this->getMock(\Magento\Backend\App\Action\Context::class, [], [], '', false);
+        $this->rawFactoryMock = $this->getMock(\Magento\Framework\Controller\Result\RawFactory::class);
+        $this->layoutFactoryMock = $this->getMock(\Magento\Framework\View\LayoutFactory::class, [], [], '', false);
+        $this->requestMock = $this->getMock(\Magento\Framework\App\Request\Http::class, [], [], '', false);
+        $this->requestInterfaceMock = $this->getMockForAbstractClass(
+            \Magento\Framework\App\RequestInterface::class,
+            [],
+            '',
+            false,
+            true,
+            true,
+            ['isPost']
+        );
+        $this->contextMock->expects($this->once())->method('getRequest')->willReturn($this->requestMock);
+
+        $this->controller = $objectManagerHelper->getObject(
+            \Magento\Catalog\Controller\Adminhtml\Product\Widget\Chooser::class,
+            [
+                'context' => $this->contextMock,
+                'resultRawFactory' => $this->rawFactoryMock,
+                'layoutFactory' => $this->layoutFactoryMock,
+            ]
+        );
+    }
+
+    /**
+     * Check that error throws when request is not a POST.
+     *
+     * @return void
+     * @expectedException \Magento\Framework\Exception\NotFoundException
+     * @expectedExceptionMessage Page not found.
+     */
+    public function testExecuteWithNonPostRequest()
+    {
+        $this->requestMock->expects($this->once())->method('isPost')->willReturn(false);
+
+        $this->controller->execute();
+    }
+}