Merge pull request #4397 from magento-obsessive-owls/owls-2.2.10-delivery

danmooney2 · web-flow · commit 2fcb0f9749b6 · 2019-06-24T11:37:05.000-05:00
[owls] MC-17485, MC-17582
diff --git a/app/code/Magento/Catalog/Model/Product/AttributeSet/Options.php b/app/code/Magento/Catalog/Model/Product/AttributeSet/Options.php
@@ -5,10 +5,13 @@
  */
 namespace Magento\Catalog\Model\Product\AttributeSet;
 
+/**
+ * Attribute Set Options
+ */
 class Options implements \Magento\Framework\Data\OptionSourceInterface
 {
     /**
-     * @var null|array
+     * @var array
      */
     protected $options;
 
@@ -25,15 +28,23 @@ public function __construct(
     }
 
     /**
-     * @return array|null
+     * @inheritDoc
      */
     public function toOptionArray()
     {
         if (null == $this->options) {
             $this->options = $this->collectionFactory->create()
                 ->setEntityTypeFilter($this->product->getTypeId())
                 ->toOptionArray();
+
+            array_walk(
+                $this->options,
+                function (&$option) {
+                    $option['__disableTmpl'] = true;
+                }
+            );
         }
+
         return $this->options;
     }
 }
diff --git a/app/code/Magento/ImportExport/Model/Import/Source/Zip.php b/app/code/Magento/ImportExport/Model/Import/Source/Zip.php
@@ -32,6 +32,12 @@ public function __construct(
             throw new ValidatorException(__('Sorry, but the data is invalid or the file is not uploaded.'));
         }
         $directory->delete($directory->getRelativePath($file));
-        parent::__construct($csvFile, $directory, $options);
+
+        try {
+            parent::__construct($csvFile, $directory, $options);
+        } catch (\LogicException $e) {
+            $directory->delete($directory->getRelativePath($csvFile));
+            throw $e;
+        }
     }
 }
diff --git a/lib/internal/Magento/Framework/Archive/Zip.php b/lib/internal/Magento/Framework/Archive/Zip.php
@@ -54,7 +54,8 @@ public function unpack($source, $destination)
         $zip = new \ZipArchive();
         if ($zip->open($source) === true) {
             $filename = $this->filterRelativePaths($zip->getNameIndex(0) ?: '');
-            if ($filename) {
+            if ($filename && !preg_match('#[:"*?|<>%]#', $filename)) {
+                // extract first entry in zip file to destination directory
                 $zip->extractTo(dirname($destination), $filename);
                 rename(dirname($destination).'/'.$filename, $destination);
             } else {

Original file line number	Diff line number	Diff line change
`@@ -32,6 +32,12 @@ public function __construct(`
`32`	`32`	`throw new ValidatorException(__('Sorry, but the data is invalid or the file is not uploaded.'));`
`33`	`33`	`}`
`34`	`34`	`$directory->delete($directory->getRelativePath($file));`
`35`		`- parent::__construct($csvFile, $directory, $options);`
	`35`	`+`
	`36`	`+ try {`
	`37`	`+ parent::__construct($csvFile, $directory, $options);`
	`38`	`+ } catch (\LogicException $e) {`
	`39`	`+ $directory->delete($directory->getRelativePath($csvFile));`
	`40`	`+ throw $e;`
	`41`	`+ }`
`36`	`42`	`}`
`37`	`43`	`}`