Merge remote-tracking branch 'origin/MC-37922' into 2.4-develop-pr112

Author: zakdma

app/code/Magento/ImportExport/Controller/Adminhtml/ImportResult.php

@@ -9,6 +9,8 @@
 use Magento\ImportExport\Model\Import\Entity\AbstractEntity;
 use Magento\ImportExport\Model\Import\ErrorProcessing\ProcessingErrorAggregatorInterface;
 use Magento\ImportExport\Model\History as ModelHistory;
+use Magento\Framework\Escaper;
+use Magento\Framework\App\ObjectManager;
 
 /**
  * Import controller
@@ -37,22 +39,31 @@ abstract class ImportResult extends Import
      */
     protected $reportHelper;
 
+    /**
+     * @var Escaper|null
+     */
+    protected $escaper;
+
     /**
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\ImportExport\Model\Report\ReportProcessorInterface $reportProcessor
      * @param \Magento\ImportExport\Model\History $historyModel
      * @param \Magento\ImportExport\Helper\Report $reportHelper
+     * @param Escaper|null $escaper
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
         \Magento\ImportExport\Model\Report\ReportProcessorInterface $reportProcessor,
         \Magento\ImportExport\Model\History $historyModel,
-        \Magento\ImportExport\Helper\Report $reportHelper
+        \Magento\ImportExport\Helper\Report $reportHelper,
+        Escaper $escaper = null
     ) {
         parent::__construct($context);
         $this->reportProcessor = $reportProcessor;
         $this->historyModel = $historyModel;
         $this->reportHelper = $reportHelper;
+        $this->escaper = $escaper
+            ?? ObjectManager::getInstance()->get(Escaper::class);
     }
 
     /**
@@ -69,28 +80,30 @@ protected function addErrorMessages(
         if ($errorAggregator->getErrorsCount()) {
             $message = '';
             $counter = 0;
+            $escapedMessages = [];
             foreach ($this->getErrorMessages($errorAggregator) as $error) {
-                $message .= (++$counter) . '. ' . $error . '<br>';
+                $escapedMessages[] = (++$counter) . '. ' . $this->escaper->escapeHtml($error);
                 if ($counter >= self::LIMIT_ERRORS_MESSAGE) {
                     break;
                 }
             }
             if ($errorAggregator->hasFatalExceptions()) {
                 foreach ($this->getSystemExceptions($errorAggregator) as $error) {
-                    $message .= $error->getErrorMessage()
+                    $escapedMessages[] = $this->escaper->escapeHtml($error->getErrorMessage())
                         . ' <a href="#" onclick="$(this).next().show();$(this).hide();return false;">'
                         . __('Show more') . '</a><div style="display:none;">' . __('Additional data') . ': '
-                        . $error->getErrorDescription() . '</div>';
+                        . $this->escaper->escapeHtml($error->getErrorDescription()) . '</div>';
                 }
             }
             try {
+                $message .= implode('<br>', $escapedMessages);
                 $resultBlock->addNotice(
                     '<strong>' . __('Following Error(s) has been occurred during importing process:') . '</strong><br>'
                     . '<div class="import-error-wrapper">' . __('Only the first 100 errors are shown. ')
                     . '<a href="'
                     . $this->createDownloadUrlImportHistoryFile($this->createErrorReport($errorAggregator))
                     . '">' . __('Download full report') . '</a><br>'
-                    . '<div class="import-error-list">' . $resultBlock->escapeHtml($message) . '</div></div>'
+                    . '<div class="import-error-list">' . $message . '</div></div>'
                 );
             } catch (\Exception $e) {
                 foreach ($this->getErrorMessages($errorAggregator) as $errorMessage) {

dev/tests/integration/testsuite/Magento/ImportExport/Controller/Adminhtml/Import/_files/invalid_catalog_products.csv

@@ -0,0 +1,3 @@
+sku,_store,_attribute_set,product_type,categories,_product_websites,color,cost,country_of_manufacture,created_at,custom_design,custom_design_from,custom_design_to,custom_layout_update,description,gallery,gift_message_available,gift_wrapping_available,gift_wrapping_price,has_options,image,image_label,is_returnable,manufacturer,meta_description,meta_keyword,meta_title,minimal_price,msrp,msrp_display_actual_price_type,name,news_from_date,news_to_date,options_container,page_layout,price,quantity_and_stock_status,related_tgtr_position_behavior,related_tgtr_position_limit,required_options,short_description,small_image,small_image_label,special_from_date,special_price,special_to_date,status,tax_class_id,thumbnail,thumbnail_label,updated_at,upsell_tgtr_position_behavior,upsell_tgtr_position_limit,url_key,url_path,visibility,weight,qty,min_qty,use_config_min_qty,is_qty_decimal,backorders,use_config_backorders,min_sale_qty,use_config_min_sale_qty,max_sale_qty,use_config_max_sale_qty,is_in_stock,notify_stock_qty,use_config_notify_stock_qty,manage_stock,use_config_manage_stock,use_config_qty_increments,qty_increments,use_config_enable_qty_inc,enable_qty_increments,is_decimal_divided,website_id,_related_sku,_related_position,_crosssell_sku,_crosssell_position,_upsell_sku,_upsell_position,_tier_price_website,_tier_price_customer_group,_tier_price_qty,_tier_price_price,_media_attribute_id,_media_image,_media_label,_media_position,_media_is_disabled,_associated_sku,_associated_default_qty,_associated_position
+"",,Default,simple,,base,,,,"2014-12-25 19:52:47",,,,,,,,,,0,,,"No",,"simple product 1 ","simple product 1","simple product 1",,,,"simple product 1",,,"Block after Info Column",,100.0000,"In Stock",,,0,,,,,,,1,2,,,"2014-12-25 19:52:47",,,simple-product-1,,"catalog, search",,123.0000,0.0000,1,0,0,1,1.0000,1,0.0000,1,1,,1,1,0,1,0.0000,1,0,0,1,,,,,,,,,,,,,,,,,,
+"",,Default,simple,,base,,,,"2014-12-25 19:53:14",,,,,,,,,,0,,,"No",,"simple product 2 ","simple product 2","simple product 2",,,,"simple product 2",,,"Block after Info Column",,200.0000,"In Stock",,,0,,,,,,,1,2,,,"2014-12-25 19:53:14",,,simple-product-2,,"catalog, search",,234.0000,0.0000,1,0,0,1,1.0000,1,0.0000,1,1,,1,1,0,1,0.0000,1,0,0,1,,,,,,,,,,,,,,,,,,

dev/tests/integration/testsuite/Magento/ImportExport/Controller/Adminhtml/ImportResultTest.php

@@ -0,0 +1,91 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\ImportExport\Controller\Adminhtml;
+
+use Magento\Framework\Filesystem\DirectoryList;
+use Magento\Framework\HTTP\Adapter\FileTransferFactory;
+use Magento\ImportExport\Model\Import;
+use Magento\ImportExport\Model\Import\ErrorProcessing\ProcessingErrorAggregatorInterface;
+use Magento\ImportExport\Controller\Adminhtml\Import\HttpFactoryMock;
+
+/**
+ * Test for \Magento\ImportExport\Controller\Adminhtml\ImportResult class.
+ *
+ * @magentoAppArea adminhtml
+ */
+class ImportResultTest extends \Magento\TestFramework\TestCase\AbstractBackendController
+{
+    /**
+     * @param string $fileName
+     * @param string $mimeType
+     * @param string $delimiter
+     * @backupGlobals enabled
+     * @magentoDbIsolation enabled
+     * @dataProvider validationDataProvider
+     * @SuppressWarnings(PHPMD.Superglobals)
+     */
+    public function testAddErrorMessages(string $fileName, string $mimeType, string $delimiter): void
+    {
+        $validationStrategy = ProcessingErrorAggregatorInterface::VALIDATION_STRATEGY_STOP_ON_ERROR;
+
+        $this->getRequest()->setParam('isAjax', true);
+        $this->getRequest()->setMethod('POST');
+        $_SERVER['HTTP_X_REQUESTED_WITH'] = 'XMLHttpRequest';
+
+        /** @var $formKey \Magento\Framework\Data\Form\FormKey */
+        $formKey = $this->_objectManager->get(\Magento\Framework\Data\Form\FormKey::class);
+        $this->getRequest()->setPostValue('form_key', $formKey->getFormKey());
+        $this->getRequest()->setPostValue('entity', 'catalog_product');
+        $this->getRequest()->setPostValue('behavior', 'append');
+        $this->getRequest()->setPostValue(Import::FIELD_NAME_VALIDATION_STRATEGY, $validationStrategy);
+        $this->getRequest()->setPostValue(Import::FIELD_NAME_ALLOWED_ERROR_COUNT, 0);
+        $this->getRequest()->setPostValue('_import_field_separator', $delimiter);
+
+        /** @var \Magento\TestFramework\App\Filesystem $filesystem */
+        $filesystem = $this->_objectManager->get(\Magento\Framework\Filesystem::class);
+        $tmpDir = $filesystem->getDirectoryWrite(DirectoryList::SYS_TMP);
+        $subDir = str_replace('\\', '_', __CLASS__);
+        $tmpDir->create($subDir);
+        $target = $tmpDir->getAbsolutePath("{$subDir}" . DIRECTORY_SEPARATOR . "{$fileName}");
+        copy(__DIR__ . DIRECTORY_SEPARATOR . 'Import' . DIRECTORY_SEPARATOR . '_files'
+            . DIRECTORY_SEPARATOR . "{$fileName}", $target);
+
+        $_FILES = [
+            'import_file' => [
+                'name' => $fileName,
+                'type' => $mimeType,
+                'tmp_name' => $target,
+                'error' => 0,
+                'size' => filesize($target)
+            ]
+        ];
+
+        $this->_objectManager->configure(
+            [
+                'preferences' => [FileTransferFactory::class => HttpFactoryMock::class]
+            ]
+        );
+
+        $this->dispatch('backend/admin/import/validate');
+        $this->assertStringNotContainsString('&lt;br&gt;', $this->getResponse()->getBody());
+    }
+
+    /**
+     * @return array
+     */
+    public function validationDataProvider(): array
+    {
+        return [
+            [
+                'file_name' => 'invalid_catalog_products.csv',
+                'mime-type' => 'text/csv',
+                'delimiter' => ',',
+            ],
+        ];
+    }
+}