AC-479: Input validation for File Upload in Customer Address

	* Merge branch '2.4.4-develop' into AC-479

Author: rizwankhgl

app/code/Magento/CatalogInventory/Model/StockStateProvider.php

@@ -135,7 +135,7 @@ public function checkQuoteItemQty(StockItemInterface $stockItem, $qty, $summaryQ
         $result->addData($this->checkQtyIncrements($stockItem, $qty)->getData());
 
         $result->setItemIsQtyDecimal($stockItem->getIsQtyDecimal());
-        if (!$stockItem->getIsQtyDecimal() && (floor($qty) !== $qty)) {
+        if (!$stockItem->getIsQtyDecimal() && (floor($qty) !== (float) $qty)) {
             $result->setHasError(true)
                 ->setMessage(__('You cannot use decimal quantity for this product.'))
                 ->setErrorCode('qty_decimal')

app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php

@@ -77,8 +77,6 @@ class Storage extends \Magento\Framework\DataObject
     protected $_coreFileStorageDb = null;
 
     /**
-     * Cms wysiwyg images
-     *
      * @var \Magento\Cms\Helper\Wysiwyg\Images
      */
     protected $_cmsWysiwygImages = null;
@@ -109,36 +107,26 @@ class Storage extends \Magento\Framework\DataObject
     protected $_session;
 
     /**
-     * Directory database factory
-     *
      * @var \Magento\MediaStorage\Model\File\Storage\Directory\DatabaseFactory
      */
     protected $_directoryDatabaseFactory;
 
     /**
-     * Storage database factory
-     *
      * @var \Magento\MediaStorage\Model\File\Storage\DatabaseFactory
      */
     protected $_storageDatabaseFactory;
 
     /**
-     * Storage file factory
-     *
      * @var \Magento\MediaStorage\Model\File\Storage\FileFactory
      */
     protected $_storageFileFactory;
 
     /**
-     * Storage collection factory
-     *
      * @var \Magento\Cms\Model\Wysiwyg\Images\Storage\CollectionFactory
      */
     protected $_storageCollectionFactory;
 
     /**
-     * Uploader factory
-     *
      * @var \Magento\MediaStorage\Model\File\UploaderFactory
      */
     protected $_uploaderFactory;
@@ -745,8 +733,8 @@ private function getResizedParams(string $source): array
         $configWidth = $this->_resizeParameters['width'];
         $configHeight = $this->_resizeParameters['height'];
 
-        //phpcs:ignore Generic.PHP.NoSilencedErrors
-        [$imageWidth, $imageHeight] = @getimagesize($source);
+        $driver = $this->_directory->getDriver();
+        [$imageWidth, $imageHeight] = getimagesizefromstring($driver->fileGetContents($source));
 
         if ($imageWidth && $imageHeight) {
             $imageWidth = $configWidth > $imageWidth ? $imageWidth : $configWidth;
@@ -999,7 +987,7 @@ private function getAllowedPathPattern()
             );
             $regExp = '/^(';
             $or = '';
-            foreach($mediaGalleryImageFolders as $folder) {
+            foreach ($mediaGalleryImageFolders as $folder) {
                 $folderPattern = str_replace('/', '[\/]+', $folder);
                 $regExp .= $or . $folderPattern . '\b(?!-)(?:\/?[a-zA-Z0-9\-\_]+)*\/?$';
                 $or = '|';
@@ -1013,7 +1001,7 @@ private function getAllowedPathPattern()
     /**
      * Get allowed media gallery image folders
      *
-     * example:
+     * Example:
      *   [
      *     [0 => 'wysiwyg'],
      *     [0 => 'catalog', 1 => 'category']

app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php

@@ -141,6 +141,9 @@ class StorageTest extends TestCase
      */
     private $fileMock;
 
+    /**
+     * @var array
+     */
     private $allowedImageExtensions = [
         'jpg' => 'image/jpg',
         'jpeg' => 'image/jpeg',
@@ -366,13 +369,13 @@ public function testGetDirsCollectionCreateSubDirectories()
     }
 
     /**
-     * @param array $exclude
-     * @param array $include
-     * @param array $fileNames
-     * @param array $expectedRemoveKeys
+     * @param $path
+     * @param $callNum
+     * @param string $dirsFilter
+     * @throws \Exception
      * @dataProvider dirsCollectionDataProvider
      */
-    public function testGetDirsCollection($path, $callNum, $dirsFilter='')
+    public function testGetDirsCollection($path, $callNum, $dirsFilter = '')
     {
         $this->generalTestGetDirsCollection($path, $callNum, $dirsFilter);
     }
@@ -517,6 +520,9 @@ public function testUploadFile()
                     [$thumbnailTargetPath, true],
                 ]
             );
+        $this->driverMock->expects(self::once())
+            ->method('fileGetContents')
+            ->willReturn('some content');
 
         $image = $this->getMockBuilder(Image::class)
             ->disableOriginalConstructor()

app/code/Magento/Cms/Ui/Component/Listing/Column/BlockActions.php

@@ -66,24 +66,24 @@ public function prepareDataSource(array $dataSource)
                             'href' => $this->urlBuilder->getUrl(
                                 static::URL_PATH_EDIT,
                                 [
-                                    'block_id' => $item['block_id'],
+                                    'block_id' => $item['block_id']
                                 ]
                             ),
-                            'label' => __('Edit'),
+                            'label' => __('Edit')
                         ],
                         'delete' => [
                             'href' => $this->urlBuilder->getUrl(
                                 static::URL_PATH_DELETE,
                                 [
-                                    'block_id' => $item['block_id'],
+                                    'block_id' => $item['block_id']
                                 ]
                             ),
                             'label' => __('Delete'),
                             'confirm' => [
                                 'title' => __('Delete %1', $title),
-                                'message' => __('Are you sure you want to delete a %1 record?', $title),
+                                'message' => __('Are you sure you want to delete a %1 record?', $title)
                             ],
-                            'post' => true,
+                            'post' => true
                         ],
                     ];
                 }
@@ -102,6 +102,7 @@ public function prepareDataSource(array $dataSource)
     private function getEscaper()
     {
         if (!$this->escaper) {
+            // phpcs:ignore Magento2.PHP.AutogeneratedClassNotInConstructor
             $this->escaper = ObjectManager::getInstance()->get(Escaper::class);
         }
         return $this->escaper;

app/code/Magento/Integration/Model/Oauth/Token.php

@@ -59,7 +59,9 @@ class Token extends \Magento\Framework\Model\AbstractModel
 
     /**#@- */
 
-    /**#@- */
+    /**
+     * @var OauthHelper
+     */
     protected $_oauthHelper;
 
     /**
@@ -136,9 +138,10 @@ public function __construct(
         $this->_consumerFactory = $consumerFactory;
         $this->_oauthData = $oauthData;
         $this->_oauthHelper = $oauthHelper;
-        $this->reader = ObjectManager::getInstance()->get(UserTokenReaderInterface::class);
-        $this->issuer = ObjectManager::getInstance()->get(UserTokenIssuerInterface::class);
-        $this->tokenParamsFactory = ObjectManager::getInstance()->get(UserTokenParametersInterfaceFactory::class);
+        $this->reader = $reader ?? ObjectManager::getInstance()->get(UserTokenReaderInterface::class);
+        $this->issuer = $issuer ?? ObjectManager::getInstance()->get(UserTokenIssuerInterface::class);
+        $this->tokenParamsFactory = $paramsFactory ??
+            ObjectManager::getInstance()->get(UserTokenParametersInterfaceFactory::class);
     }
 
     /**
@@ -360,6 +363,7 @@ public function loadByConsumerIdAndUserType($consumerId, $userType)
     {
         $tokenData = $this->getResource()->selectTokenByConsumerIdAndUserType($consumerId, $userType);
         $this->setData($tokenData ? $tokenData : []);
+        $this->getResource()->afterLoad($this);
         return $this;
     }
 

app/code/Magento/Integration/Model/Oauth/Token/Provider.php

@@ -44,7 +44,7 @@ public function __construct(
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function validateConsumer($consumer)
     {
@@ -58,7 +58,7 @@ public function validateConsumer($consumer)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function createRequestToken($consumer)
     {
@@ -73,7 +73,7 @@ public function createRequestToken($consumer)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function validateRequestToken($requestToken, $consumer, $oauthVerifier)
     {
@@ -99,7 +99,7 @@ public function validateRequestToken($requestToken, $consumer, $oauthVerifier)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function getAccessToken($consumer)
     {
@@ -118,7 +118,7 @@ public function getAccessToken($consumer)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function validateAccessTokenRequest($accessToken, $consumer)
     {
@@ -144,7 +144,7 @@ public function validateAccessTokenRequest($accessToken, $consumer)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function validateAccessToken($accessToken)
     {
@@ -168,15 +168,15 @@ public function validateAccessToken($accessToken)
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function validateOauthToken($oauthToken)
     {
         return strlen($oauthToken) == \Magento\Framework\Oauth\Helper\Oauth::LENGTH_TOKEN;
     }
 
     /**
-     * {@inheritdoc}
+     * @inheritdoc
      */
     public function getConsumerByKey($consumerKey)
     {

app/code/Magento/Integration/Model/ResourceModel/Oauth/Consumer.php

@@ -5,17 +5,29 @@
  */
 namespace Magento\Integration\Model\ResourceModel\Oauth;
 
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Encryption\Encryptor;
+
 class Consumer extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
 {
+
+    /**
+     * @var Encryptor
+     */
+    private $encryptor;
+
     /**
      * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
      * @param string $connectionName
+     * @param Encryptor $encryptor
      */
     public function __construct(
         \Magento\Framework\Model\ResourceModel\Db\Context $context,
-        $connectionName = null
+        $connectionName = null,
+        Encryptor $encryptor = null
     ) {
         parent::__construct($context, $connectionName);
+        $this->encryptor = $encryptor ?? ObjectManager::getInstance()->get(Encryptor::class);
     }
 
     /**
@@ -61,4 +73,40 @@ public function getTimeInSecondsSinceCreation($consumerId)
 
         return $connection->fetchOne($select);
     }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _beforeSave(\Magento\Framework\Model\AbstractModel $object)
+    {
+        if ($object->getSecret()) {
+            $object->setSecret($this->encryptor->encrypt($object->getSecret()));
+        }
+
+        return parent::_beforeSave($object);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _afterLoad(\Magento\Framework\Model\AbstractModel $object)
+    {
+        if ($object->getSecret()) {
+            $object->setSecret($this->encryptor->decrypt($object->getSecret()));
+        }
+
+        return parent::_afterLoad($object);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    protected function _afterSave(\Magento\Framework\Model\AbstractModel $object)
+    {
+        if ($object->getSecret()) {
+            $object->setSecret($this->encryptor->decrypt($object->getSecret()));
+        }
+
+        return parent::_afterSave($object);
+    }
 }