merge magento/2.3-qwerty into magento-tsg/2.3-qwerty-pr49

Author: magento-cicd2

app/code/Magento/Checkout/Model/ShippingInformationManagement.php

@@ -53,7 +53,6 @@ class ShippingInformationManagement implements \Magento\Checkout\Api\ShippingInf
 
     /**
      * @var QuoteAddressValidator
-     * @deprecated 100.2.0
      */
     protected $addressValidator;
 
@@ -152,35 +151,36 @@ public function saveAddressInformation(
         $cartId,
         \Magento\Checkout\Api\Data\ShippingInformationInterface $addressInformation
     ) {
-        $address = $addressInformation->getShippingAddress();
-        $billingAddress = $addressInformation->getBillingAddress();
-        $carrierCode = $addressInformation->getShippingCarrierCode();
-        $methodCode = $addressInformation->getShippingMethodCode();
+        /** @var \Magento\Quote\Model\Quote $quote */
+        $quote = $this->quoteRepository->getActive($cartId);
+        $this->validateQuote($quote);
 
+        $address = $addressInformation->getShippingAddress();
+        if (!$address || !$address->getCountryId()) {
+            throw new StateException(__('The shipping address is missing. Set the address and try again.'));
+        }
         if (!$address->getCustomerAddressId()) {
             $address->setCustomerAddressId(null);
         }
 
-        if ($billingAddress && !$billingAddress->getCustomerAddressId()) {
-            $billingAddress->setCustomerAddressId(null);
-        }
-
-        if (!$address->getCountryId()) {
-            throw new StateException(__('The shipping address is missing. Set the address and try again.'));
-        }
+        try {
+            $billingAddress = $addressInformation->getBillingAddress();
+            if ($billingAddress) {
+                if (!$billingAddress->getCustomerAddressId()) {
+                    $billingAddress->setCustomerAddressId(null);
+                }
+                $this->addressValidator->validateForCart($quote, $billingAddress);
+                $quote->setBillingAddress($billingAddress);
+            }
 
-        /** @var \Magento\Quote\Model\Quote $quote */
-        $quote = $this->quoteRepository->getActive($cartId);
-        $address->setLimitCarrier($carrierCode);
-        $quote = $this->prepareShippingAssignment($quote, $address, $carrierCode . '_' . $methodCode);
-        $this->validateQuote($quote);
-        $quote->setIsMultiShipping(false);
+            $this->addressValidator->validateForCart($quote, $address);
+            $carrierCode = $addressInformation->getShippingCarrierCode();
+            $address->setLimitCarrier($carrierCode);
+            $methodCode = $addressInformation->getShippingMethodCode();
+            $quote = $this->prepareShippingAssignment($quote, $address, $carrierCode . '_' . $methodCode);
 
-        if ($billingAddress) {
-            $quote->setBillingAddress($billingAddress);
-        }
+            $quote->setIsMultiShipping(false);
 
-        try {
             $this->quoteRepository->save($quote);
         } catch (\Exception $e) {
             $this->logger->critical($e);

app/code/Magento/Checkout/Test/Unit/Model/ShippingInformationManagementTest.php

@@ -82,6 +82,11 @@ class ShippingInformationManagementTest extends \PHPUnit\Framework\TestCase
      */
     private $shippingMock;
 
+    /**
+     * @var \PHPUnit_Framework_MockObject_MockObject
+     */
+    private $addressValidatorMock;
+
     protected function setUp()
     {
         $this->objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
@@ -141,6 +146,9 @@ protected function setUp()
             $this->createPartialMock(\Magento\Quote\Api\Data\CartExtensionFactory::class, ['create']);
         $this->shippingFactoryMock =
             $this->createPartialMock(\Magento\Quote\Model\ShippingFactory::class, ['create']);
+        $this->addressValidatorMock = $this->createMock(
+            \Magento\Quote\Model\QuoteAddressValidator::class
+        );
 
         $this->model = $this->objectManager->getObject(
             \Magento\Checkout\Model\ShippingInformationManagement::class,
@@ -151,7 +159,8 @@ protected function setUp()
                 'quoteRepository' => $this->quoteRepositoryMock,
                 'shippingAssignmentFactory' => $this->shippingAssignmentFactoryMock,
                 'cartExtensionFactory' => $this->cartExtensionFactoryMock,
-                'shippingFactory' => $this->shippingFactoryMock
+                'shippingFactory' => $this->shippingFactoryMock,
+                'addressValidator' => $this->addressValidatorMock,
             ]
         );
     }
@@ -163,22 +172,8 @@ protected function setUp()
     public function testSaveAddressInformationIfCartIsEmpty()
     {
         $cartId = 100;
-        $carrierCode = 'carrier_code';
-        $shippingMethod = 'shipping_method';
         $addressInformationMock = $this->createMock(\Magento\Checkout\Api\Data\ShippingInformationInterface::class);
 
-        $billingAddress = $this->createMock(\Magento\Quote\Api\Data\AddressInterface::class);
-        $addressInformationMock->expects($this->once())
-            ->method('getShippingAddress')
-            ->willReturn($this->shippingAddressMock);
-        $addressInformationMock->expects($this->once())->method('getBillingAddress')->willReturn($billingAddress);
-        $addressInformationMock->expects($this->once())->method('getShippingCarrierCode')->willReturn($carrierCode);
-        $addressInformationMock->expects($this->once())->method('getShippingMethodCode')->willReturn($shippingMethod);
-
-        $this->shippingAddressMock->expects($this->once())->method('getCountryId')->willReturn('USA');
-
-        $this->setShippingAssignmentsMocks($carrierCode . '_' . $shippingMethod);
-
         $this->quoteMock->expects($this->once())->method('getItemsCount')->willReturn(0);
         $this->quoteRepositoryMock->expects($this->once())
             ->method('getActive')
@@ -244,21 +239,19 @@ private function setShippingAssignmentsMocks($shippingMethod)
     public function testSaveAddressInformationIfShippingAddressNotSet()
     {
         $cartId = 100;
-        $carrierCode = 'carrier_code';
-        $shippingMethod = 'shipping_method';
         $addressInformationMock = $this->createMock(\Magento\Checkout\Api\Data\ShippingInformationInterface::class);
-
         $addressInformationMock->expects($this->once())
             ->method('getShippingAddress')
             ->willReturn($this->shippingAddressMock);
-        $addressInformationMock->expects($this->once())->method('getShippingCarrierCode')->willReturn($carrierCode);
-        $addressInformationMock->expects($this->once())->method('getShippingMethodCode')->willReturn($shippingMethod);
-
-        $billingAddress = $this->createMock(\Magento\Quote\Api\Data\AddressInterface::class);
-        $addressInformationMock->expects($this->once())->method('getBillingAddress')->willReturn($billingAddress);
 
         $this->shippingAddressMock->expects($this->once())->method('getCountryId')->willReturn(null);
 
+        $this->quoteRepositoryMock->expects($this->once())
+            ->method('getActive')
+            ->with($cartId)
+            ->willReturn($this->quoteMock);
+        $this->quoteMock->expects($this->once())->method('getItemsCount')->willReturn(100);
+
         $this->model->saveAddressInformation($cartId, $addressInformationMock);
     }
 
@@ -273,6 +266,9 @@ public function testSaveAddressInformationIfCanNotSaveQuote()
         $shippingMethod = 'shipping_method';
         $addressInformationMock = $this->createMock(\Magento\Checkout\Api\Data\ShippingInformationInterface::class);
 
+        $this->addressValidatorMock->expects($this->exactly(2))
+            ->method('validateForCart');
+
         $this->quoteRepositoryMock->expects($this->once())
             ->method('getActive')
             ->with($cartId)
@@ -314,6 +310,9 @@ public function testSaveAddressInformationIfCarrierCodeIsInvalid()
         $shippingMethod = 'shipping_method';
         $addressInformationMock = $this->createMock(\Magento\Checkout\Api\Data\ShippingInformationInterface::class);
 
+        $this->addressValidatorMock->expects($this->exactly(2))
+            ->method('validateForCart');
+
         $this->quoteRepositoryMock->expects($this->once())
             ->method('getActive')
             ->with($cartId)
@@ -355,6 +354,9 @@ public function testSaveAddressInformation()
         $shippingMethod = 'shipping_method';
         $addressInformationMock = $this->createMock(\Magento\Checkout\Api\Data\ShippingInformationInterface::class);
 
+        $this->addressValidatorMock->expects($this->exactly(2))
+            ->method('validateForCart');
+
         $this->quoteRepositoryMock->expects($this->once())
             ->method('getActive')
             ->with($cartId)

app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php

@@ -328,6 +328,7 @@ public function getFilesCollection($path, $type = null)
             $item->setName($item->getBasename());
             $item->setShortName($this->_cmsWysiwygImages->getShortFilename($item->getBasename()));
             $item->setUrl($this->_cmsWysiwygImages->getCurrentUrl() . $item->getBasename());
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $item->setSize(filesize($item->getFilename()));
             $item->setMimeType(\mime_content_type($item->getFilename()));
 
@@ -338,6 +339,7 @@ public function getFilesCollection($path, $type = null)
                     $thumbUrl = $this->_backendUrl->getUrl('cms/*/thumbnail', ['file' => $item->getId()]);
                 }
 
+                // phpcs:ignore Generic.PHP.NoSilencedErrors
                 $size = @getimagesize($item->getFilename());
 
                 if (is_array($size)) {
@@ -413,6 +415,7 @@ public function createDirectory($name, $path)
                 'id' => $this->_cmsWysiwygImages->convertPathToId($newPath),
             ];
             return $result;
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\Exception\FileSystemException $e) {
             throw new \Magento\Framework\Exception\LocalizedException(__('We cannot create a new directory.'));
         }
@@ -421,7 +424,7 @@ public function createDirectory($name, $path)
     /**
      * Recursively delete directory from storage
      *
-     * @param string $path Target dir
+     * @param string $path Absolute path to target directory
      * @return void
      * @throws \Magento\Framework\Exception\LocalizedException
      */
@@ -430,12 +433,20 @@ public function deleteDirectory($path)
         if ($this->_coreFileStorageDb->checkDbUsage()) {
             $this->_directoryDatabaseFactory->create()->deleteDirectory($path);
         }
+        if (!$this->isPathAllowed($path, $this->getConditionsForExcludeDirs())) {
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We cannot delete directory %1.', $this->_getRelativePathToRoot($path))
+            );
+        }
         try {
             $this->_deleteByPath($path);
             $path = $this->getThumbnailRoot() . $this->_getRelativePathToRoot($path);
             $this->_deleteByPath($path);
+            // phpcs:ignore Magento2.Exceptions.ThrowCatch
         } catch (\Magento\Framework\Exception\FileSystemException $e) {
-            throw new \Magento\Framework\Exception\LocalizedException(__('We cannot delete directory %1.', $path));
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We cannot delete directory %1.', $this->_getRelativePathToRoot($path))
+            );
         }
     }
 
@@ -482,13 +493,18 @@ public function deleteFile($target)
     /**
      * Upload and resize new file
      *
-     * @param string $targetPath Target directory
+     * @param string $targetPath Absolute path to target directory
      * @param string $type Type of storage, e.g. image, media etc.
      * @return array File info Array
      * @throws \Magento\Framework\Exception\LocalizedException
      */
     public function uploadFile($targetPath, $type = null)
     {
+        if (!$this->isPathAllowed($targetPath, $this->getConditionsForExcludeDirs())) {
+            throw new \Magento\Framework\Exception\LocalizedException(
+                __('We can\'t upload the file to current folder right now. Please try another folder.')
+            );
+        }
         /** @var \Magento\MediaStorage\Model\File\Uploader $uploader */
         $uploader = $this->_uploaderFactory->create(['fileId' => 'image']);
         $allowed = $this->getAllowedExtensions($type);
@@ -589,6 +605,7 @@ public function resizeFile($source, $keepRatio = true)
         $image->open($source);
         $image->keepAspectRatio($keepRatio);
         $image->resize($this->_resizeParameters['width'], $this->_resizeParameters['height']);
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $dest = $targetDir . '/' . pathinfo($source, PATHINFO_BASENAME);
         $image->save($dest);
         if ($this->_directory->isFile($this->_directory->getRelativePath($dest))) {
@@ -624,6 +641,7 @@ public function getThumbsPath($filePath = false)
         $thumbnailDir = $this->getThumbnailRoot();
 
         if ($filePath && strpos($filePath, $mediaRootDir) === 0) {
+            // phpcs:ignore Magento2.Functions.DiscouragedFunction
             $thumbnailDir .= dirname(substr($filePath, strlen($mediaRootDir)));
         }
 
@@ -674,6 +692,7 @@ public function isImage($filename)
         if (!$this->hasData('_image_extensions')) {
             $this->setData('_image_extensions', $this->getAllowedExtensions('image'));
         }
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
         return in_array($ext, $this->_getData('_image_extensions'));
     }
@@ -784,4 +803,29 @@ private function getExtensionsList($type = null): array
 
         return $allowed;
     }
+
+    /**
+     * Check if path is not in excluded dirs.
+     *
+     * @param string $path Absolute path
+     * @param array $conditions Exclude conditions
+     * @return bool
+     */
+    private function isPathAllowed($path, array $conditions): bool
+    {
+        $isAllowed = true;
+        $regExp = $conditions['reg_exp'] ? '~' . implode('|', array_keys($conditions['reg_exp'])) . '~i' : null;
+        $storageRoot = $this->_cmsWysiwygImages->getStorageRoot();
+        $storageRootLength = strlen($storageRoot);
+
+        $mediaSubPathname = substr($path, $storageRootLength);
+        $rootChildParts = explode('/', '/' . ltrim($mediaSubPathname, '/'));
+
+        if (array_key_exists($rootChildParts[1], $conditions['plain'])
+            || ($regExp && preg_match($regExp, $path))) {
+            $isAllowed = false;
+        }
+
+        return $isAllowed;
+    }
 }

app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php

@@ -18,7 +18,7 @@ class StorageTest extends \PHPUnit\Framework\TestCase
     /**
      * Directory paths samples
      */
-    const STORAGE_ROOT_DIR = '/storage/root/dir';
+    const STORAGE_ROOT_DIR = '/storage/root/dir/';
 
     const INVALID_DIRECTORY_OVER_ROOT = '/storage/some/another/dir';
 
@@ -437,10 +437,11 @@ protected function generalTestGetDirsCollection($path, $collectionArray = [], $e
 
     public function testUploadFile()
     {
-        $targetPath = '/target/path';
+        $path = 'target/path';
+        $targetPath = self::STORAGE_ROOT_DIR . $path;
         $fileName = 'image.gif';
         $realPath = $targetPath . '/' . $fileName;
-        $thumbnailTargetPath = self::STORAGE_ROOT_DIR . '/.thumbs';
+        $thumbnailTargetPath = self::STORAGE_ROOT_DIR . '/.thumbs' . $path;
         $thumbnailDestination = $thumbnailTargetPath . '/' . $fileName;
         $type = 'image';
         $result = [

app/code/Magento/Email/Model/Template/Filter.php

@@ -321,6 +321,8 @@ public function setDesignParams(array $designParams)
     }
 
     /**
+     * Get Css processor
+     *
      * @deprecated 100.1.2
      * @return Css\Processor
      */
@@ -333,6 +335,8 @@ private function getCssProcessor()
     }
 
     /**
+     * Get pub directory
+     *
      * @deprecated 100.1.2
      * @param string $dirType
      * @return ReadInterface
@@ -523,6 +527,7 @@ public function mediaDirective($construction)
 
     /**
      * Retrieve store URL directive
+     *
      * Support url and direct_url properties
      *
      * @param string[] $construction
@@ -849,7 +854,7 @@ public function cssDirective($construction)
             return $css;
         } else {
             // Return CSS comment for debugging purposes
-            return '/* ' . sprintf(__('Contents of %s could not be loaded or is empty'), $file) . ' */';
+            return '/* ' . __('Contents of the specified CSS file could not be loaded or is empty') . ' */';
         }
     }
 
@@ -958,6 +963,8 @@ public function getCssFilesContent(array $files)
     }
 
     /**
+     * Apply inline css
+     *
      * Merge HTML and CSS and return HTML that has CSS styles applied "inline" to the HTML tags. This is necessary
      * in order to support all email clients.
      *