Merge branch '2.4.5-develop' into DHL-AC-3145-JUNE-3-2022

Author: sidolov

app/code/Magento/CatalogRule/Controller/Adminhtml/Promo/Catalog/NewConditionHtml.php

@@ -6,10 +6,11 @@
  */
 namespace Magento\CatalogRule\Controller\Adminhtml\Promo\Catalog;
 
+use Magento\CatalogRule\Controller\Adminhtml\Promo\Catalog as CatalogAction;
 use Magento\Framework\App\Action\HttpGetActionInterface;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPostActionInterface;
 use Magento\Rule\Model\Condition\AbstractCondition;
-use Magento\CatalogRule\Controller\Adminhtml\Promo\Catalog as CatalogAction;
+use Magento\Rule\Model\Condition\ConditionInterface;
 
 class NewConditionHtml extends CatalogAction implements HttpPostActionInterface, HttpGetActionInterface
 {
@@ -25,6 +26,12 @@ public function execute()
         $typeArr = explode('|', str_replace('-', '/', $this->getRequest()->getParam('type', '')));
         $type = $typeArr[0];
 
+        if (class_exists($type) && !in_array(ConditionInterface::class, class_implements($type))) {
+            $html = '';
+            $this->getResponse()->setBody($html);
+            return;
+        }
+
         $model = $this->_objectManager->create($type)
             ->setId($id)
             ->setType($type)

app/code/Magento/Checkout/Controller/Sidebar/UpdateItemQty.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Checkout\Controller\Sidebar;
 
 use Magento\Checkout\Model\Cart\RequestQuantityProcessor;
@@ -16,6 +18,9 @@
 use Psr\Log\LoggerInterface;
 use Magento\Framework\App\Action\HttpPostActionInterface;
 
+/**
+ * Class used to update item quantity.
+ */
 class UpdateItemQty extends Action implements HttpPostActionInterface
 {
     /**
@@ -68,6 +73,10 @@ public function execute()
     {
         $itemId = (int)$this->getRequest()->getParam('item_id');
         $itemQty = (float)$this->getRequest()->getParam('item_qty') * 1;
+
+        if ($itemQty <= 0) {
+            return  $this->jsonResponse(__('Invalid Item Quantity Requested.'));
+        }
         $itemQty = $this->quantityProcessor->prepareQuantity($itemQty);
 
         try {

app/code/Magento/Checkout/Model/DefaultConfigProvider.php

@@ -31,6 +31,7 @@
 use Magento\Quote\Model\QuoteIdMaskFactory;
 use Magento\Store\Model\ScopeInterface;
 use Magento\Ui\Component\Form\Element\Multiline;
+use Magento\Framework\Escaper;
 
 /**
  * Default Config Provider for checkout
@@ -191,6 +192,11 @@ class DefaultConfigProvider implements ConfigProviderInterface
      */
     private $configPostProcessor;
 
+    /**
+     * @var Escaper
+     */
+    private $escaper;
+
     /**
      * @param CheckoutHelper $checkoutHelper
      * @param Session $checkoutSession
@@ -222,6 +228,7 @@ class DefaultConfigProvider implements ConfigProviderInterface
      * @param AddressMetadataInterface $addressMetadata
      * @param AttributeOptionManagementInterface $attributeOptionManager
      * @param CustomerAddressDataProvider|null $customerAddressData
+     * @param Escaper|null $escaper
      * @codeCoverageIgnore
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -255,7 +262,8 @@ public function __construct(
         CaptchaConfigPostProcessorInterface $configPostProcessor,
         AddressMetadataInterface $addressMetadata = null,
         AttributeOptionManagementInterface $attributeOptionManager = null,
-        CustomerAddressDataProvider $customerAddressData = null
+        CustomerAddressDataProvider $customerAddressData = null,
+        Escaper $escaper = null
     ) {
         $this->checkoutHelper = $checkoutHelper;
         $this->checkoutSession = $checkoutSession;
@@ -289,6 +297,7 @@ public function __construct(
         $this->customerAddressData = $customerAddressData ?:
             ObjectManager::getInstance()->get(CustomerAddressDataProvider::class);
         $this->configPostProcessor = $configPostProcessor;
+        $this->escaper = $escaper ?? ObjectManager::getInstance()->get(Escaper::class);
     }
 
     /**
@@ -343,6 +352,7 @@ public function getConfig()
             'shipping/shipping_policy/shipping_policy_content',
             ScopeInterface::SCOPE_STORE
         );
+        $policyContent = $this->escaper->escapeHtml($policyContent);
         $output['shippingPolicy'] = [
             'isEnabled' => $this->scopeConfig->isSetFlag(
                 'shipping/shipping_policy/enable_shipping_policy',

app/code/Magento/Checkout/Test/Unit/Controller/Sidebar/UpdateItemQtyTest.php

@@ -19,6 +19,9 @@
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
 
+/**
+ * Class used to execute test cases for update item quantity
+ */
 class UpdateItemQtyTest extends TestCase
 {
     /**
@@ -248,43 +251,32 @@ public function testExecuteWithException(): void
     /**
      * @return void
      */
-    public function testExecuteWithWrongRequestParams(): void
+    public function testExecuteWithInvalidItemQty(): void
     {
+        $error = [
+            'success' => false,
+            'error_message' => 'Invalid Item Quantity Requested.'
+        ];
+        $jsonResult = json_encode($error);
         $this->requestMock
             ->method('getParam')
-            ->withConsecutive(['item_id'], ['item_qty'])
-            ->willReturnOnConsecutiveCalls(0, 'error');
-
-        $this->sidebarMock->expects($this->once())
-            ->method('checkQuoteItem')
-            ->with(0)
-            ->willThrowException(new LocalizedException(__('Error!')));
+            ->withConsecutive(['item_id', null], ['item_qty', null])
+            ->willReturnOnConsecutiveCalls('1', '{{7+2}}');
 
         $this->sidebarMock->expects($this->once())
             ->method('getResponseData')
-            ->with('Error!')
-            ->willReturn(
-                [
-                    'success' => false,
-                    'error_message' => 'Error!'
-                ]
-            );
+            ->with('Invalid Item Quantity Requested.')
+            ->willReturn($error);
 
         $this->jsonHelperMock->expects($this->once())
             ->method('jsonEncode')
-            ->with(
-                [
-                    'success' => false,
-                    'error_message' => 'Error!'
-                ]
-            )
-            ->willReturn('json encoded');
+            ->with($error)
+            ->willReturn($jsonResult);
 
         $this->responseMock->expects($this->once())
             ->method('representJson')
-            ->with('json encoded')
-            ->willReturn('json represented');
+            ->willReturn($jsonResult);
 
-        $this->assertEquals('json represented', $this->updateItemQty->execute());
+        $this->assertEquals($jsonResult, $this->updateItemQty->execute());
     }
 }

app/code/Magento/Checkout/i18n/en_US.csv

@@ -186,3 +186,4 @@ Payment,Payment
 "Show Cross-sell Items in the Shopping Cart","Show Cross-sell Items in the Shopping Cart"
 "You added %1 to your <a href=""%2"">shopping cart</a>.","You added %1 to your <a href=""%2"">shopping cart</a>."
 "The shipping method is missing. Select the shipping method and try again.","The shipping method is missing. Select the shipping method and try again."
+"Invalid Item Quantity Requested.","Invalid Item Quantity Requested."

app/code/Magento/Config/Model/Config/Backend/Admin/Custom.php

@@ -17,46 +17,46 @@
  */
 class Custom extends \Magento\Framework\App\Config\Value
 {
-    const CONFIG_SCOPE = 'stores';
+    public const CONFIG_SCOPE = 'stores';
 
-    const CONFIG_SCOPE_ID = 0;
+    public const CONFIG_SCOPE_ID = 0;
 
-    const XML_PATH_UNSECURE_BASE_URL = 'web/unsecure/base_url';
-    const XML_PATH_SECURE_BASE_URL = 'web/secure/base_url';
-    const XML_PATH_UNSECURE_BASE_LINK_URL = 'web/unsecure/base_link_url';
-    const XML_PATH_SECURE_BASE_LINK_URL = 'web/secure/base_link_url';
-    const XML_PATH_CURRENCY_OPTIONS_BASE = 'currency/options/base';
-    const XML_PATH_ADMIN_SECURITY_USEFORMKEY = 'admin/security/use_form_key';
-    const XML_PATH_MAINTENANCE_MODE = 'maintenance_mode';
-    const XML_PATH_WEB_COOKIE_COOKIE_LIFETIME = 'web/cookie/cookie_lifetime';
+    public const XML_PATH_UNSECURE_BASE_URL = 'web/unsecure/base_url';
+    public const XML_PATH_SECURE_BASE_URL = 'web/secure/base_url';
+    public const XML_PATH_UNSECURE_BASE_LINK_URL = 'web/unsecure/base_link_url';
+    public const XML_PATH_SECURE_BASE_LINK_URL = 'web/secure/base_link_url';
+    public const XML_PATH_CURRENCY_OPTIONS_BASE = 'currency/options/base';
+    public const XML_PATH_ADMIN_SECURITY_USEFORMKEY = 'admin/security/use_form_key';
+    public const XML_PATH_MAINTENANCE_MODE = 'maintenance_mode';
+    public const XML_PATH_WEB_COOKIE_COOKIE_LIFETIME = 'web/cookie/cookie_lifetime';
     /**
      * @deprecated Misspelled constant - use XML_PATH_WEB_COOKIE_COOKIE_PATH instead
      */
-    const XML_PATH_WEB_COOKIE_COOKE_PATH = 'web/cookie/cookie_path';
-    const XML_PATH_WEB_COOKIE_COOKIE_PATH = 'web/cookie/cookie_path';
-    const XML_PATH_WEB_COOKIE_COOKIE_DOMAIN = 'web/cookie/cookie_domain';
-    const XML_PATH_WEB_COOKIE_HTTPONLY = 'web/cookie/cookie_httponly';
-    const XML_PATH_WEB_COOKIE_RESTRICTION = 'web/cookie/cookie_restriction';
-    const XML_PATH_GENERAL_LOCALE_TIMEZONE = 'general/locale/timezone';
-    const XML_PATH_GENERAL_LOCALE_CODE = 'general/locale/code';
-    const XML_PATH_GENERAL_COUNTRY_DEFAULT = 'general/country/default';
-    const XML_PATH_SYSTEM_BACKUP_ENABLED = 'system/backup/enabled';
-    const XML_PATH_DEV_JS_MERGE_FILES = 'dev/js/merge_files';
-    const XML_PATH_DEV_JS_MINIFY_FILES = 'dev/js/minify_files';
-    const XML_PATH_DEV_CSS_MERGE_CSS_FILES = 'dev/css/merge_css_files';
-    const XML_PATH_DEV_CSS_MINIFY_FILES = 'dev/css/minify_files';
-    const XML_PATH_DEV_IMAGE_DEFAULT_ADAPTER = 'dev/image/default_adapter';
-    const XML_PATH_WEB_SESSION_USE_FRONTEND_SID = 'web/session/use_frontend_sid';
-    const XML_PATH_WEB_SESSION_USE_HTTP_X_FORWARDED_FOR = 'web/session/use_http_x_forwarded_for';
-    const XML_PATH_WEB_SESSION_USE_HTTP_VIA = 'web/session/use_http_via';
-    const XML_PATH_WEB_SESSION_USE_REMOTE_ADDR = 'web/session/use_remote_addr';
-    const XML_PATH_WEB_SESSION_USE_HTTP_USER_AGENT = 'web/session/use_http_user_agent';
-    const XML_PATH_CATALOG_FRONTEND_FLAT_CATALOG_CATEGORY = 'catalog/frontend/flat_catalog_category';
-    const XML_PATH_CATALOG_FRONTEND_FLAT_CATALOG_PRODUCT = 'catalog/frontend/flat_catalog_product';
-    const XML_PATH_TAX_WEEE_ENABLE = 'tax/weee/enable';
-    const XML_PATH_CATALOG_SEARCH_ENGINE = 'catalog/search/engine';
-    const XML_PATH_CARRIERS = 'carriers';
-    const XML_PATH_PAYMENT = 'payment';
+    public const XML_PATH_WEB_COOKIE_COOKE_PATH = 'web/cookie/cookie_path';
+    public const XML_PATH_WEB_COOKIE_COOKIE_PATH = 'web/cookie/cookie_path';
+    public const XML_PATH_WEB_COOKIE_COOKIE_DOMAIN = 'web/cookie/cookie_domain';
+    public const XML_PATH_WEB_COOKIE_HTTPONLY = 'web/cookie/cookie_httponly';
+    public const XML_PATH_WEB_COOKIE_RESTRICTION = 'web/cookie/cookie_restriction';
+    public const XML_PATH_GENERAL_LOCALE_TIMEZONE = 'general/locale/timezone';
+    public const XML_PATH_GENERAL_LOCALE_CODE = 'general/locale/code';
+    public const XML_PATH_GENERAL_COUNTRY_DEFAULT = 'general/country/default';
+    public const XML_PATH_SYSTEM_BACKUP_ENABLED = 'system/backup/enabled';
+    public const XML_PATH_DEV_JS_MERGE_FILES = 'dev/js/merge_files';
+    public const XML_PATH_DEV_JS_MINIFY_FILES = 'dev/js/minify_files';
+    public const XML_PATH_DEV_CSS_MERGE_CSS_FILES = 'dev/css/merge_css_files';
+    public const XML_PATH_DEV_CSS_MINIFY_FILES = 'dev/css/minify_files';
+    public const XML_PATH_DEV_IMAGE_DEFAULT_ADAPTER = 'dev/image/default_adapter';
+    public const XML_PATH_WEB_SESSION_USE_FRONTEND_SID = 'web/session/use_frontend_sid';
+    public const XML_PATH_WEB_SESSION_USE_HTTP_X_FORWARDED_FOR = 'web/session/use_http_x_forwarded_for';
+    public const XML_PATH_WEB_SESSION_USE_HTTP_VIA = 'web/session/use_http_via';
+    public const XML_PATH_WEB_SESSION_USE_REMOTE_ADDR = 'web/session/use_remote_addr';
+    public const XML_PATH_WEB_SESSION_USE_HTTP_USER_AGENT = 'web/session/use_http_user_agent';
+    public const XML_PATH_CATALOG_FRONTEND_FLAT_CATALOG_CATEGORY = 'catalog/frontend/flat_catalog_category';
+    public const XML_PATH_CATALOG_FRONTEND_FLAT_CATALOG_PRODUCT = 'catalog/frontend/flat_catalog_product';
+    public const XML_PATH_TAX_WEEE_ENABLE = 'tax/weee/enable';
+    public const XML_PATH_CATALOG_SEARCH_ENGINE = 'catalog/search/engine';
+    public const XML_PATH_CARRIERS = 'carriers';
+    public const XML_PATH_PAYMENT = 'payment';
 
     /**
      * @var \Magento\Framework\App\Config\Storage\WriterInterface
@@ -119,18 +119,16 @@ public function afterSave()
         }
 
         if ($useCustomUrl == 1) {
-            $this->_configWriter->save(
+            $paths = [
                 self::XML_PATH_SECURE_BASE_URL,
-                $value,
-                self::CONFIG_SCOPE,
-                self::CONFIG_SCOPE_ID
-            );
-            $this->_configWriter->save(
                 self::XML_PATH_UNSECURE_BASE_URL,
-                $value,
-                self::CONFIG_SCOPE,
-                self::CONFIG_SCOPE_ID
-            );
+                self::XML_PATH_SECURE_BASE_LINK_URL,
+                self::XML_PATH_UNSECURE_BASE_LINK_URL,
+            ];
+
+            foreach ($paths as $path) {
+                $this->_configWriter->save($path, $value, self::CONFIG_SCOPE, self::CONFIG_SCOPE_ID);
+            }
         }
 
         return parent::afterSave();

app/code/Magento/Config/Model/Config/Backend/Admin/Usecustom.php

@@ -78,16 +78,16 @@ public function afterSave()
         $value = $this->getValue();
 
         if (!$value) {
-            $this->_configWriter->delete(
+            $paths = [
                 Custom::XML_PATH_SECURE_BASE_URL,
-                Custom::CONFIG_SCOPE,
-                Custom::CONFIG_SCOPE_ID
-            );
-            $this->_configWriter->delete(
                 Custom::XML_PATH_UNSECURE_BASE_URL,
-                Custom::CONFIG_SCOPE,
-                Custom::CONFIG_SCOPE_ID
-            );
+                Custom::XML_PATH_SECURE_BASE_LINK_URL,
+                Custom::XML_PATH_UNSECURE_BASE_LINK_URL,
+            ];
+
+            foreach ($paths as $path) {
+                $this->_configWriter->delete($path, Custom::CONFIG_SCOPE, Custom::CONFIG_SCOPE_ID);
+            }
         }
 
         return parent::afterSave();