MAGETWO-46855: Block Cache Exploit

Bohdan Korablov · Bohdan Korablov · commit 2c7cd74324e2 · 2016-01-14T11:19:17.000+02:00
diff --git a/dev/tests/integration/testsuite/Magento/Framework/View/Element/AbstractBlockTest.php b/dev/tests/integration/testsuite/Magento/Framework/View/Element/AbstractBlockTest.php
@@ -5,6 +5,8 @@
  */
 namespace Magento\Framework\View\Element;
 
+use Magento\Framework\View\Element\AbstractBlock;
+
 /**
  * @magentoAppIsolation enabled
  */
@@ -556,7 +558,7 @@ public function testGetCacheKey()
         $this->assertNotEquals($name, $key);
 
         $block->setCacheKey('key');
-        $this->assertEquals('key', $block->getCacheKey());
+        $this->assertEquals(AbstractBlock::CACHE_KEY_PREFIX . 'key', $block->getCacheKey());
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Element/AbstractBlock.php b/lib/internal/Magento/Framework/View/Element/AbstractBlock.php
@@ -24,6 +24,11 @@ abstract class AbstractBlock extends \Magento\Framework\DataObject implements Bl
      */
     const CACHE_GROUP = \Magento\Framework\App\Cache\Type\Block::TYPE_IDENTIFIER;
 
+    /**
+     * Prefix for cache key of block
+     */
+    const CACHE_KEY_PREFIX = 'BLOCK_';
+
     /**
      * Design
      *
@@ -958,7 +963,7 @@ public function getCacheKeyInfo()
     public function getCacheKey()
     {
         if ($this->hasData('cache_key')) {
-            return $this->getData('cache_key');
+            return static::CACHE_KEY_PREFIX . $this->getData('cache_key');
         }
         /**
          * don't prevent recalculation by saving generated cache key
@@ -970,7 +975,7 @@ public function getCacheKey()
         // ignore array keys
         $key = implode('|', $key);
         $key = sha1($key);
-        return $key;
+        return static::CACHE_KEY_PREFIX . $key;
     }
 
     /**
diff --git a/lib/internal/Magento/Framework/View/Test/Unit/Element/AbstractBlockTest.php b/lib/internal/Magento/Framework/View/Test/Unit/Element/AbstractBlockTest.php
@@ -8,8 +8,30 @@
 
 namespace Magento\Framework\View\Test\Unit\Element;
 
+use Magento\Framework\View\Element\AbstractBlock;
+use Magento\Framework\View\Element\Context;
+use Magento\Framework\Config\View;
+use Magento\Framework\View\ConfigInterface;
+
 class AbstractBlockTest extends \PHPUnit_Framework_TestCase
 {
+    /**
+     * @var AbstractBlock
+     */
+    protected $block;
+
+    /**
+     * @return void
+     */
+    protected function setUp()
+    {
+        $contextMock = $this->getMock(Context::class, [], [], '', false);
+        $this->block = $this->getMockForAbstractClass(
+            AbstractBlock::class,
+            ['context' => $contextMock]
+        );
+    }
+
     /**
      * @param string $expectedResult
      * @param string $nameInLayout
@@ -18,11 +40,8 @@ class AbstractBlockTest extends \PHPUnit_Framework_TestCase
      */
     public function testGetUiId($expectedResult, $nameInLayout, $methodArguments)
     {
-        /** @var $block \Magento\Framework\View\Element\AbstractBlock|\PHPUnit_Framework_MockObject_MockObject */
-        $block = $this->getMockForAbstractClass('Magento\Framework\View\Element\AbstractBlock', [], '', false);
-        $block->setNameInLayout($nameInLayout);
-
-        $this->assertEquals($expectedResult, call_user_func_array([$block, 'getUiId'], $methodArguments));
+        $this->block->setNameInLayout($nameInLayout);
+        $this->assertEquals($expectedResult, call_user_func_array([$this->block, 'getUiId'], $methodArguments));
     }
 
     /**
@@ -57,46 +76,63 @@ public function getUiIdDataProvider()
         ];
     }
 
+    /**
+     * @return void
+     */
     public function testGetVar()
     {
-        $this->markTestIncomplete('MAGETWO-11727');
-        $config = $this->getMock('Magento\Framework\Config\View', ['getVarValue'], [], '', false);
+        $config = $this->getMock(View::class, ['getVarValue'], [], '', false);
         $module = uniqid();
-        $config->expects(
-            $this->at(0)
-        )->method(
-            'getVarValue'
-        )->with(
-            'Magento_Theme',
-            'v1'
-        )->will(
-            $this->returnValue('one')
-        );
-        $config->expects($this->at(1))->method('getVarValue')->with($module, 'v2')->will($this->returnValue('two'));
 
-        $configManager = $this->getMock('Magento\Framework\View\ConfigInterface', [], [], '', false);
-        $configManager->expects($this->exactly(2))->method('getViewConfig')->will($this->returnValue($config));
+        $config->expects($this->any())
+            ->method('getVarValue')
+            ->willReturnMap([
+                ['Magento_Theme', 'v1', 'one'],
+                [$module, 'v2', 'two']
+            ]);
+
+        $configManager = $this->getMock(ConfigInterface::class, [], [], '', false);
+        $configManager->expects($this->exactly(2))->method('getViewConfig')->willReturn($config);
 
-        /** @var $block \Magento\Framework\View\Element\AbstractBlock|\PHPUnit_Framework_MockObject_MockObject */
+        /** @var $block AbstractBlock|\PHPUnit_Framework_MockObject_MockObject */
         $params = ['viewConfig' => $configManager];
         $helper = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
         $block = $this->getMockForAbstractClass(
-            'Magento\Framework\View\Element\AbstractBlock',
-            $helper->getConstructArguments('Magento\Framework\View\Element\AbstractBlock', $params),
-            uniqid('Magento\\Theme\\Block\\AbstractBlock\\')
+            AbstractBlock::class,
+            $helper->getConstructArguments(AbstractBlock::class, $params)
         );
+        $block->setData('module_name', 'Magento_Theme');
 
         $this->assertEquals('one', $block->getVar('v1'));
         $this->assertEquals('two', $block->getVar('v2', $module));
     }
 
+    /**
+     * @return void
+     */
     public function testIsScopePrivate()
     {
-        $contextMock = $this->getMock('Magento\Framework\View\Element\Context', [], [], '', false);
-        $block = $this->getMockForAbstractClass(
-            'Magento\Framework\View\Element\AbstractBlock',
-            ['context' => $contextMock]
-        );
-        $this->assertEquals(false, $block->isScopePrivate());
+        $this->assertFalse($this->block->isScopePrivate());
+    }
+
+    /**
+     * @return void
+     */
+    public function testGetCacheKey()
+    {
+        $cacheKey = 'testKey';
+        $this->block->setData('cache_key', $cacheKey);
+        $this->assertEquals(AbstractBlock::CACHE_KEY_PREFIX . $cacheKey, $this->block->getCacheKey());
+    }
+
+    /**
+     * @return void
+     */
+    public function testGetCacheKeyByName()
+    {
+        $nameInLayout = 'testBlock';
+        $this->block->setNameInLayout($nameInLayout);
+        $cacheKey = sha1($nameInLayout);
+        $this->assertEquals(AbstractBlock::CACHE_KEY_PREFIX . $cacheKey, $this->block->getCacheKey());
     }
 }
