
Commit 272e906

Merge branch '2.4.8-beta2-develop' into cia-2.4.8-beta2-develop-bugfix-10272024
2 parents c48a732 + f9458b2 commit 272e906


27 files changed

+577
-136
lines changed


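--- a/app/code/Magento/Backend/Block/Dashboard/Orders/Grid.php
+++ b/app/code/Magento/Backend/Block/Dashboard/Orders/Grid.php
@@ -14,7 +14,6 @@
 * Adminhtml dashboard recent orders grid
 *
 * @api
-* @author Magento Core Team <core@magentocommerce.com>
 * @SuppressWarnings(PHPMD.DepthOfInheritance)
 * @since 100.0.2
 */
@@ -152,7 +151,7 @@ protected function _prepareColumns()
 'header' => __('Total'),
 'sortable' => false,
 'type' => 'currency',
-'currency_code' => $baseCurrencyCode,
+'currency_code' => $this->escapeHtml($baseCurrencyCode),
 'index' => 'revenue'
 ]
 );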
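Review bot: `'currency_code' => $this->escapeHtml($baseCurrencyCode)` in `_prepareColumns()` encodes the value where the column is configured, not where it is written into the page. The currency column renderer is not visible here; if it also uses `currency_code` to look up the currency, it would now receive an entity-encoded string, and any other grid that feeds the same renderer stays unprotected. Escaping inside the renderer at the point of output would cover both cases. If the call stays here, a comment such as `// TODO confirm: currency renderer prints currency_code without escaping, so it is encoded here` would explain why a currency code is being HTML-escaped. `_prepareColumns()` starts and ends outside the hunk.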

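--- a/app/code/Magento/Catalog/Block/Adminhtml/Product/Helper/Form/Weight.php
+++ b/app/code/Magento/Catalog/Block/Adminhtml/Product/Helper/Form/Weight.php
@@ -122,7 +122,7 @@ public function getElementHtml()
 $html .= '<label class="admin__addon-suffix" for="' .
 $this->getHtmlId() .
 '"><span>' .
-$this->directoryHelper->getWeightUnit() .
+$this->_escaper->escapeHtml($this->directoryHelper->getWeightUnit()) .
 '</span></label></div>';
 
 if ($afterElementJs = $this->getAfterElementJs()) {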

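--- a/app/code/Magento/Config/Block/System/Config/Form/Field/File.php
+++ b/app/code/Magento/Config/Block/System/Config/Form/Field/File.php
@@ -55,7 +55,7 @@ protected function _getDeleteCheckbox()
 $html .= '<input type="hidden" name="' .
 parent::getName() .
 '[value]" value="' .
-$this->getValue() .
+$this->_escaper->escapeHtml($this->getValue()) .
 '" />';
 $html .= '</div>';
 }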
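Review bot: The escaped value in `_getDeleteCheckbox()` is written inside a `value="…"` attribute, so the attribute-context escaper is the better fit: `$this->_escaper->escapeHtmlAttr($this->getValue()) .`. `escapeHtml` is probably sufficient while the attribute stays double-quoted, but the attribute escaper keeps the call correct if the quoting ever changes. Two lines above, `parent::getName()` is still concatenated into the `name="…"` attribute as-is; whether it is escaped before it reaches this method is not visible from the hunk. The method continues outside the hunk on both sides.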
Lines changed: 58 additions & 0 deletions
@@ -0,0 +1,58 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
7+
declare(strict_types=1);
8+
9+
namespace Magento\Config\Plugin\Model\Config\Backend;
10+
11+
use Magento\Config\Model\Config\Backend\Locale;
12+
use Magento\Config\Model\Config\Source\Locale\Currency\All;
13+
use Magento\Framework\Exception\LocalizedException;
14+
15+
class LocalePlugin
16+
{
17+
/**
18+
* @var All
19+
*/
20+
private $currencyList;
21+
22+
/**
23+
* @param All $currencyList
24+
*/
25+
public function __construct(
26+
All $currencyList
27+
) {
28+
$this->currencyList = $currencyList;
29+
}
30+
31+
/**
32+
* Check whether currency code value is acceptable or not
33+
*
34+
* @param Locale $subject
35+
* @return void
36+
*/
37+
public function beforeSave(Locale $subject): void
38+
{
39+
if ($subject->isValueChanged()) {
40+
$values = $subject->getValue();
41+
if (count(array_diff($values, $this->getOptions()))) {
42+
throw new LocalizedException(__('There was an error save new configuration value.'));
43+
}
44+
}
45+
}
46+
47+
/**
48+
* Get available options for weight unit
49+
*
50+
* @return array
51+
*/
52+
private function getOptions()
53+
{
54+
$options = $this->currencyList->toOptionArray();
55+
56+
return array_column($options, 'value');
57+
}
58+
}
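Review bot: `beforeSave()` passes `$subject->getValue()` straight to `array_diff()`, which under `strict_types` raises a TypeError instead of the intended `LocalizedException` when the value is not an array. The return type of `getValue()` is not visible here; if it can be a comma-separated string or null, normalise it first, for example `$values = is_array($values) ? $values : explode(',', (string)$values);`. The docblock on `getOptions()` says "Get available options for weight unit" although the method returns currency codes from `$this->currencyList`; it should read `Get the list of allowed currency codes`. The message `'There was an error save new configuration value.'` is ungrammatical and does not say which field was rejected; the same string is used in `WeightUnit::beforeSave()` later in this commit.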

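--- a/app/code/Magento/Config/Test/Unit/Block/System/Config/Form/Field/FileTest.php
+++ b/app/code/Magento/Config/Test/Unit/Block/System/Config/Form/Field/FileTest.php
@@ -114,11 +114,13 @@ public function testGetElementHtml(): void
 $expectedHtmlId = $this->testData['html_id_prefix']
 . $this->testData['html_id']
 . $this->testData['html_id_suffix'];
+$escapeValue = $this->testData['value'];
 $this->escaperMock->expects($this->any())->method('escapeHtml')->willReturnMap(
 [
 [$expectedHtmlId, null, $expectedHtmlId],
 [self::XSS_FILE_NAME_TEST, null, self::XSS_FILE_NAME_TEST],
 [self::INPUT_NAME_TEST, null, self::INPUT_NAME_TEST],
+[$escapeValue, null, $escapeValue],
 ]
 );
 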
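Review bot: The added map entry `[$escapeValue, null, $escapeValue]` makes the `escapeHtml` mock return the value unchanged, so the rendered HTML is the same whether or not `_getDeleteCheckbox()` escapes the `value` attribute. Returning a distinct string, for example `[$escapeValue, null, 'escaped_value']` (constructed sample), and asserting that it appears inside `value="…"` would pin the fix. The assertions of `testGetElementHtml()` are outside the hunk, so this is based on the mock setup alone.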

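--- a/app/code/Magento/Config/etc/adminhtml/di.xml
+++ b/app/code/Magento/Config/etc/adminhtml/di.xml
@@ -9,4 +9,8 @@
 <preference for="Magento\Config\Model\Config\Backend\File\RequestData\RequestDataInterface" type="Magento\Config\Model\Config\Backend\File\RequestData" />
 <type name="Magento\Config\Model\Config\Structure\Element\Iterator\Tab" shared="false" />
 <type name="Magento\Config\Model\Config\Structure\Element\Iterator\Section" shared="false" />
+<type name="Magento\Config\Model\Config\Backend\Locale">
+<plugin name="installed_currency_configuration_validation"
+type="Magento\Config\Plugin\Model\Config\Backend\LocalePlugin" sortOrder="10" />
+</type>
 </config>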
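Review bot: The `installed_currency_configuration_validation` plugin is declared in the adminhtml-scoped `di.xml`, so the currency allow-list check only runs when `Magento\Config\Model\Config\Backend\Locale` is saved in the adminhtml area. If the same backend model can be saved from another area, such as a CLI command or an API call, that path would skip the validation, and declaring the plugin in the module's global DI configuration would close the gap. If adminhtml scope is intentional, an XML comment above the `<type>` node would record that, for example `<!-- Currency codes are only writable through the admin config form; validation is scoped to adminhtml -->`.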

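--- a/app/code/Magento/Customer/Controller/Account/EditPost.php
+++ b/app/code/Magento/Customer/Controller/Account/EditPost.php
@@ -237,17 +237,6 @@ public function execute()
 $customer = $this->getCustomerDataObject($this->session->getCustomerId());
 $customerCandidate = $this->populateNewCustomerDataObject($this->_request, $customer);
 
-$attributeToDelete = (string)$this->_request->getParam('delete_attribute_value');
-if ($attributeToDelete !== "") {
-$attributesToDelete = $this->prepareAttributesToDelete($attributeToDelete);
-foreach ($attributesToDelete as $attribute) {
-$uploadedValue = $this->_request->getParam($attribute . File::UPLOADED_FILE_SUFFIX);
-if ((string)$uploadedValue === "") {
-$this->deleteCustomerFileAttribute($customerCandidate, $attribute);
-}
-}
-}
-
 try {
 // whether a customer enabled change email option
 $isEmailChanged = $this->processChangeEmailRequest($customer);
@@ -310,26 +299,6 @@ public function execute()
 return $resultRedirect;
 }
 
-/**
-* Convert comma-separated list of attributes to delete into array
-*
-* @param string $attribute
-* @return array
-*/
-private function prepareAttributesToDelete(string $attribute) : array
-{
-$result = [];
-if ($attribute !== "") {
-if (str_contains($attribute, ',')) {
-$result = explode(',', $attribute);
-} else {
-$result[] = $attribute;
-}
-$result = array_unique($result);
-}
-return $result;
-}
-
 /**
 * Adds a complex success message if email confirmation is required
 *
@@ -484,38 +453,4 @@ private function disableAddressValidation($customer)
 $addressModel->setShouldIgnoreValidation(true);
 }
 }
-
-/**
-* Removes file attribute from customer entity and file from filesystem
-*
-* @param CustomerInterface $customerCandidateDataObject
-* @param string $attributeToDelete
-* @return void
-* @throws FileSystemException
-*/
-private function deleteCustomerFileAttribute(
-CustomerInterface $customerCandidateDataObject,
-string $attributeToDelete
-) : void {
-if ($attributeToDelete !== '') {
-$attributes = $this->prepareAttributesToDelete($attributeToDelete);
-foreach ($attributes as $attr) {
-$attributeValue = $customerCandidateDataObject->getCustomAttribute($attr);
-if ($attributeValue!== null) {
-if ($attributeValue->getValue() !== '') {
-$mediaDirectory = $this->filesystem->getDirectoryWrite(DirectoryList::MEDIA);
-$fileName = $attributeValue->getValue();
-$path = $mediaDirectory->getAbsolutePath('customer' . $fileName);
-if ($fileName && $mediaDirectory->isFile($path)) {
-$mediaDirectory->delete($path);
-}
-$customerCandidateDataObject->setCustomAttribute(
-$attr,
-''
-);
-}
-}
-}
-}
-}
 }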

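--- a/app/code/Magento/Customer/Model/Metadata/Form/File.php
+++ b/app/code/Magento/Customer/Model/Metadata/Form/File.php
@@ -314,7 +314,7 @@ public function compactValue($value)
 // Remove outdated file (in the case of file uploader UI component)
 if (!empty($this->_value)
 && (!empty($value['delete'])
-|| ($this->_entityTypeCode == 'customer' && empty($value)))
+|| ($this->_entityTypeCode === 'customer' && empty($value)))
 ) {
 $this->fileProcessor->removeUploadedFile($this->_value);
 return $value;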

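--- a/app/code/Magento/Customer/Test/Unit/Controller/Account/EditPostTest.php
+++ b/app/code/Magento/Customer/Test/Unit/Controller/Account/EditPostTest.php
@@ -240,7 +240,7 @@ public function testExecute()
 ->willReturn($customer);
 
 $attr = 'attr1';
-$this->request->expects($this->exactly(5))
+$this->request->expects($this->exactly(3))
 ->method('getParam')
 ->willReturnCallback(
 function ($arg) use ($attr) {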
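Review bot: Lowering `exactly(5)` to `exactly(3)` only tracks the number of `getParam` calls; nothing in this hunk asserts that a request carrying `delete_attribute_value` no longer causes a file deletion. A dedicated test case that sets that parameter and expects no delete call on the media directory would guard the removal in `EditPost::execute()` against regression. The rest of `testExecute()` is outside the hunk, so such an assertion may already exist there.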
Lines changed: 84 additions & 0 deletions
@@ -0,0 +1,84 @@
1+
<?php
2+
/**
3+
* Copyright © Magento, Inc. All rights reserved.
4+
* See COPYING.txt for license details.
5+
*/
6+
declare(strict_types=1);
7+
8+
namespace Magento\Directory\Model\Config\Backend;
9+
10+
use Magento\Directory\Model\Config\Source\WeightUnit as Source;
11+
use Magento\Framework\App\Cache\TypeListInterface;
12+
use Magento\Framework\App\Config\ScopeConfigInterface;
13+
use Magento\Framework\App\Config\Value;
14+
use Magento\Framework\Data\Collection\AbstractDb;
15+
use Magento\Framework\Exception\LocalizedException;
16+
use Magento\Framework\Model\Context;
17+
use Magento\Framework\Model\ResourceModel\AbstractResource;
18+
use Magento\Framework\Registry;
19+
20+
/**
21+
* Backend source for weight unit configuration field
22+
*/
23+
class WeightUnit extends Value
24+
{
25+
/**
26+
* @var Source
27+
*/
28+
private $source;
29+
30+
/**
31+
* @param Source $source
32+
* @param Context $context
33+
* @param Registry $registry
34+
* @param ScopeConfigInterface $config
35+
* @param TypeListInterface $cacheTypeList
36+
* @param AbstractResource $resource
37+
* @param AbstractDb $resourceCollection
38+
* @param array $data
39+
*
40+
* @codeCoverageIgnore
41+
*/
42+
public function __construct(
43+
Source $source,
44+
Context $context,
45+
Registry $registry,
46+
ScopeConfigInterface $config,
47+
TypeListInterface $cacheTypeList,
48+
AbstractResource $resource = null,
49+
AbstractDb $resourceCollection = null,
50+
array $data = []
51+
) {
52+
$this->source = $source;
53+
parent::__construct($context, $registry, $config, $cacheTypeList, $resource, $resourceCollection, $data);
54+
}
55+
56+
/**
57+
* Check whether weight unit value is acceptable or not
58+
*
59+
* @return $this
60+
*/
61+
public function beforeSave()
62+
{
63+
if ($this->isValueChanged()) {
64+
$weightUnit = $this->getData('value');
65+
if (!in_array($weightUnit, $this->getOptions())) {
66+
throw new LocalizedException(__('There was an error save new configuration value.'));
67+
}
68+
}
69+
70+
return parent::beforeSave();
71+
}
72+
73+
/**
74+
* Get available options for weight unit
75+
*
76+
* @return array
77+
*/
78+
private function getOptions()
79+
{
80+
$options = $this->source->toOptionArray();
81+
82+
return array_column($options, 'value');
83+
}
84+
}
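Review bot: The allow-list check in `beforeSave()` calls `in_array($weightUnit, $this->getOptions())` without the strict flag, so PHP's loose comparison decides whether the submitted value matches an option. For a validation gate the comparison should be exact: `if (!in_array($weightUnit, $this->getOptions(), true)) {`. If `toOptionArray()` can return non-string values, the strict form needs the values cast to string first, which is not visible from this file. The class docblock calls this a "Backend source" although it extends `Value` and acts as the backend model; `Backend model validating the weight unit configuration field` would be more accurate.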
