Merge branch '2.4-develop' into MC-36956

Author: romadjelf

app/code/Magento/Catalog/Model/Attribute/Backend/DefaultBackend.php

@@ -0,0 +1,96 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Catalog\Model\Attribute\Backend;
+
+use Magento\Catalog\Model\AbstractModel;
+use Magento\Catalog\Model\ResourceModel\Eav\Attribute;
+use Magento\Eav\Model\Entity\Attribute\Backend\DefaultBackend as ParentBackend;
+use Magento\Eav\Model\Entity\Attribute\Exception;
+use Magento\Framework\DataObject;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Validation\ValidationException;
+use Magento\Framework\Validator\HTML\WYSIWYGValidatorInterface;
+
+/**
+ * Default backend model for catalog attributes.
+ */
+class DefaultBackend extends ParentBackend
+{
+    /**
+     * @var WYSIWYGValidatorInterface
+     */
+    private $wysiwygValidator;
+
+    /**
+     * @param WYSIWYGValidatorInterface $wysiwygValidator
+     */
+    public function __construct(WYSIWYGValidatorInterface $wysiwygValidator)
+    {
+        $this->wysiwygValidator = $wysiwygValidator;
+    }
+
+    /**
+     * Validate user HTML value.
+     *
+     * @param DataObject $object
+     * @return void
+     * @throws LocalizedException
+     */
+    private function validateHtml(DataObject $object): void
+    {
+        $attribute = $this->getAttribute();
+        $code = $attribute->getAttributeCode();
+        if ($attribute instanceof Attribute && $attribute->getIsHtmlAllowedOnFront()) {
+            $value = $object->getData($code);
+            if ($value
+                && is_string($value)
+                && (!($object instanceof AbstractModel) || $object->getData($code) !== $object->getOrigData($code))
+            ) {
+                try {
+                    $this->wysiwygValidator->validate($object->getData($code));
+                } catch (ValidationException $exception) {
+                    $attributeException = new Exception(
+                        __(
+                            'Using restricted HTML elements for "%1". %2',
+                            $attribute->getName(),
+                            $exception->getMessage()
+                        ),
+                        $exception
+                    );
+                    $attributeException->setAttributeCode($code)->setPart('backend');
+                    throw $attributeException;
+                }
+            }
+        }
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function beforeSave($object)
+    {
+        parent::beforeSave($object);
+        $this->validateHtml($object);
+
+        return $this;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function validate($object)
+    {
+        $isValid = parent::validate($object);
+        if ($isValid) {
+            $this->validateHtml($object);
+        }
+
+        return $isValid;
+    }
+}

app/code/Magento/Catalog/Model/ResourceModel/Eav/Attribute.php

@@ -6,7 +6,9 @@
 
 namespace Magento\Catalog\Model\ResourceModel\Eav;
 
+use Magento\Catalog\Model\Attribute\Backend\DefaultBackend;
 use Magento\Catalog\Model\Attribute\LockValidatorInterface;
+use Magento\Eav\Model\Entity;
 use Magento\Framework\Api\AttributeValueFactory;
 use Magento\Framework\Stdlib\DateTime\DateTimeFormatterInterface;
 
@@ -902,4 +904,17 @@ public function setIsFilterableInGrid($isFilterableInGrid)
         $this->setData(self::IS_FILTERABLE_IN_GRID, $isFilterableInGrid);
         return $this;
     }
+
+    /**
+     * @inheritDoc
+     */
+    protected function _getDefaultBackendModel()
+    {
+        $backend = parent::_getDefaultBackendModel();
+        if ($backend === Entity::DEFAULT_BACKEND_MODEL) {
+            $backend = DefaultBackend::class;
+        }
+
+        return $backend;
+    }
 }

app/code/Magento/Catalog/Test/Unit/Model/Attribute/Backend/DefaultBackendTest.php

@@ -0,0 +1,111 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Catalog\Test\Unit\Model\Attribute\Backend;
+
+use Magento\Catalog\Model\AbstractModel;
+use Magento\Catalog\Model\Attribute\Backend\DefaultBackend;
+use Magento\Framework\DataObject;
+use Magento\Framework\Validation\ValidationException;
+use Magento\Framework\Validator\HTML\WYSIWYGValidatorInterface;
+use PHPUnit\Framework\TestCase;
+use Magento\Eav\Model\Entity\Attribute as BasicAttribute;
+use Magento\Catalog\Model\ResourceModel\Eav\Attribute;
+use Magento\Eav\Model\Entity\Attribute\Exception as AttributeException;
+
+class DefaultBackendTest extends TestCase
+{
+    /**
+     * Different cases for attribute validation.
+     *
+     * @return array
+     */
+    public function getAttributeConfigurations(): array
+    {
+        return [
+            'basic-attribute' => [true, false, true, 'basic', 'value', false, true, false],
+            'non-html-attribute' => [false, false, false, 'non-html', 'value', false, false, false],
+            'empty-html-attribute' => [false, false, true, 'html', null, false, true, false],
+            'invalid-html-attribute' => [false, false, false, 'html', 'value', false, true, true],
+            'valid-html-attribute' => [false, true, false, 'html', 'value', false, true, false],
+            'changed-invalid-html-attribute' => [false, false, true, 'html', 'value', true, true, true],
+            'changed-valid-html-attribute' => [false, true, true, 'html', 'value', true, true, false]
+        ];
+    }
+
+    /**
+     * Test attribute validation.
+     *
+     * @param bool $isBasic
+     * @param bool $isValidated
+     * @param bool $isCatalogEntity
+     * @param string $code
+     * @param mixed $value
+     * @param bool $isChanged
+     * @param bool $isHtmlAttribute
+     * @param bool $exceptionThrown
+     * @dataProvider getAttributeConfigurations
+     */
+    public function testValidate(
+        bool $isBasic,
+        bool $isValidated,
+        bool $isCatalogEntity,
+        string $code,
+        $value,
+        bool $isChanged,
+        bool $isHtmlAttribute,
+        bool $exceptionThrown
+    ): void {
+        if ($isBasic) {
+            $attributeMock = $this->createMock(BasicAttribute::class);
+        } else {
+            $attributeMock = $this->createMock(Attribute::class);
+            $attributeMock->expects($this->any())
+                ->method('getIsHtmlAllowedOnFront')
+                ->willReturn($isHtmlAttribute);
+        }
+        $attributeMock->expects($this->any())->method('getAttributeCode')->willReturn($code);
+
+        $validatorMock = $this->getMockForAbstractClass(WYSIWYGValidatorInterface::class);
+        if (!$isValidated) {
+            $validatorMock->expects($this->any())
+                ->method('validate')
+                ->willThrowException(new ValidationException(__('HTML is invalid')));
+        } else {
+            $validatorMock->expects($this->any())->method('validate');
+        }
+
+        if ($isCatalogEntity) {
+            $objectMock = $this->createMock(AbstractModel::class);
+            $objectMock->expects($this->any())
+                ->method('getOrigData')
+                ->willReturn($isChanged ? $value .'-OLD' : $value);
+        } else {
+            $objectMock = $this->createMock(DataObject::class);
+        }
+        $objectMock->expects($this->any())->method('getData')->with($code)->willReturn($value);
+
+        $model = new DefaultBackend($validatorMock);
+        $model->setAttribute($attributeMock);
+
+        $actuallyThrownForSave = false;
+        try {
+            $model->beforeSave($objectMock);
+        } catch (AttributeException $exception) {
+            $actuallyThrownForSave = true;
+        }
+        $actuallyThrownForValidate = false;
+        try {
+            $model->validate($objectMock);
+        } catch (AttributeException $exception) {
+            $actuallyThrownForValidate = true;
+        }
+        $this->assertEquals($actuallyThrownForSave, $actuallyThrownForValidate);
+        $this->assertEquals($actuallyThrownForSave, $exceptionThrown);
+    }
+}

app/code/Magento/Catalog/Test/Unit/Model/Plugin/ProductRepository/TransactionWrapperTest.php

@@ -62,7 +62,7 @@ protected function setUp(): void
         $this->closureMock = function () use ($productMock) {
             return $productMock;
         };
-        $this->rollbackClosureMock = function () use ($productMock) {
+        $this->rollbackClosureMock = function () {
             throw new \Exception(self::ERROR_MSG);
         };
 

app/code/Magento/CatalogCustomerGraphQl/Model/Resolver/TierPrices.php

@@ -87,7 +87,7 @@ public function resolve(
         $this->tiers->addProductFilter($productId);
 
         return $this->valueFactory->create(
-            function () use ($productId, $context) {
+            function () use ($productId) {
                 $tierPrices = $this->tiers->getProductTierPrices($productId);
 
                 return $tierPrices ?? [];

app/code/Magento/CatalogSearch/Model/Advanced.php

@@ -359,6 +359,8 @@ protected function getPreparedSearchCriteria($attribute, $value)
         if (is_array($value)) {
             if (isset($value['from']) && isset($value['to'])) {
                 if (!empty($value['from']) || !empty($value['to'])) {
+                    $from = '';
+                    $to = '';
                     if (isset($value['currency'])) {
                         /** @var $currencyModel Currency */
                         $currencyModel = $this->_currencyFactory->create()->load($value['currency']);

app/code/Magento/Checkout/Test/Mftf/ActionGroup/LoggedInUserCheckoutFillingShippingSectionActionGroup.xml

@@ -24,11 +24,12 @@
         <selectOption selector="{{CheckoutShippingSection.region}}" userInput="{{customerAddressVar.state}}" stepKey="selectRegion"/>
         <fillField selector="{{CheckoutShippingSection.postcode}}" userInput="{{customerAddressVar.postcode}}" stepKey="enterPostcode"/>
         <fillField selector="{{CheckoutShippingSection.telephone}}" userInput="{{customerAddressVar.telephone}}" stepKey="enterTelephone"/>
-        <waitForLoadingMaskToDisappear stepKey="waitForLoadingMask"/>
+        <waitForPageLoad stepKey="waitForLoadingMask"/>
         <click selector="{{CheckoutShippingSection.firstShippingMethod}}" stepKey="selectFirstShippingMethod"/>
-        <waitForElement selector="{{CheckoutShippingSection.next}}" time="30" stepKey="waitForNextButton"/>
+        <waitForElementVisible selector="{{CheckoutShippingSection.next}}" time="30" stepKey="waitForNextButton"/>
+        <waitForPageLoad stepKey="waitForShippingLoadingMask"/>
         <click selector="{{CheckoutShippingSection.next}}" stepKey="clickNext"/>
-        <waitForElement selector="{{CheckoutPaymentSection.paymentSectionTitle}}" time="30" stepKey="waitForPaymentSectionLoaded"/>
+        <waitForElementVisible selector="{{CheckoutPaymentSection.paymentSectionTitle}}" time="30" stepKey="waitForPaymentSectionLoaded"/>
         <seeInCurrentUrl url="{{CheckoutPage.url}}/#payment" stepKey="assertCheckoutPaymentUrl"/>
     </actionGroup>
 </actionGroups>

app/code/Magento/Cms/Command/WysiwygRestrictCommand.php

@@ -0,0 +1,72 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Cms\Command;
+
+use Magento\Cms\Model\Wysiwyg\Validator;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Magento\Framework\App\Config\ConfigResource\ConfigInterface as ConfigWriter;
+use Magento\Framework\App\Cache\TypeListInterface as Cache;
+
+/**
+ * Command to toggle WYSIWYG content validation on/off.
+ */
+class WysiwygRestrictCommand extends Command
+{
+    /**
+     * @var ConfigWriter
+     */
+    private $configWriter;
+
+    /**
+     * @var Cache
+     */
+    private $cache;
+
+    /**
+     * @param ConfigWriter $configWriter
+     * @param Cache $cache
+     */
+    public function __construct(ConfigWriter $configWriter, Cache $cache)
+    {
+        parent::__construct();
+
+        $this->configWriter = $configWriter;
+        $this->cache = $cache;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function configure()
+    {
+        $this->setName('cms:wysiwyg:restrict');
+        $this->setDescription('Set whether to enforce user HTML content validation or show a warning instead');
+        $this->setDefinition([new InputArgument('restrict', InputArgument::REQUIRED, 'y\n')]);
+
+        parent::configure();
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $restrictArg = mb_strtolower((string)$input->getArgument('restrict'));
+        $restrict = $restrictArg === 'y' ? '1' : '0';
+        $this->configWriter->saveConfig(Validator::CONFIG_PATH_THROW_EXCEPTION, $restrict);
+        $this->cache->cleanType('config');
+
+        $output->writeln('HTML user content validation is now ' .($restrictArg === 'y' ? 'enforced' : 'suggested'));
+
+        return 0;
+    }
+}