Merge pull request #4078 from magento-borg/borg-qwerty-2.1

[borg] Bug fixes

Author: nathanjosiah

app/code/Magento/Captcha/Model/DefaultModel.php

@@ -5,9 +5,13 @@
  */
 namespace Magento\Captcha\Model;
 
+use Magento\Framework\Math\Random;
+
 /**
  * Implementation of \Zend_Captcha
  *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
+ *
  * @author     Magento Core Team <core@magentocommerce.com>
  */
 class DefaultModel extends \Zend_Captcha_Image implements \Magento\Captcha\Model\CaptchaInterface
@@ -68,22 +72,30 @@ class DefaultModel extends \Zend_Captcha_Image implements \Magento\Captcha\Model
      */
     protected $_session;
 
+    /**
+     * @var Random
+     */
+    private $randomMath;
+
     /**
      * @param \Magento\Framework\Session\SessionManagerInterface $session
      * @param \Magento\Captcha\Helper\Data $captchaData
      * @param \Magento\Captcha\Model\ResourceModel\LogFactory $resLogFactory
      * @param string $formId
+     * @param Random $randomMath
      */
     public function __construct(
         \Magento\Framework\Session\SessionManagerInterface $session,
         \Magento\Captcha\Helper\Data $captchaData,
         \Magento\Captcha\Model\ResourceModel\LogFactory $resLogFactory,
-        $formId
+        $formId,
+        Random $randomMath = null
     ) {
         $this->_session = $session;
         $this->_captchaData = $captchaData;
         $this->_resLogFactory = $resLogFactory;
         $this->_formId = $formId;
+        $this->randomMath = $randomMath ?: \Magento\Framework\App\ObjectManager::getInstance()->get(Random::class);
     }
 
     /**
@@ -361,13 +373,9 @@ public function setShowCaptchaInSession($value = true)
      */
     protected function _generateWord()
     {
-        $word = '';
-        $symbols = $this->_getSymbols();
+        $symbols = (string)$this->_captchaData->getConfig('symbols');
         $wordLen = $this->_getWordLen();
-        for ($i = 0; $i < $wordLen; $i++) {
-            $word .= $symbols[array_rand($symbols)];
-        }
-        return $word;
+        return $this->randomMath->getRandomString($wordLen, $symbols);
     }
 
     /**

app/code/Magento/Captcha/Test/Unit/Model/DefaultTest.php

@@ -376,4 +376,41 @@ public function isShownToLoggedInUserDataProvider()
             [false, 'guest_checkout']
         ];
     }
+
+    /**
+     * @param string $string
+     * @dataProvider generateWordProvider
+     * @throws \ReflectionException
+     */
+    public function testGenerateWord($string)
+    {
+        $randomMock = $this->getMock('Magento\Framework\Math\Random');
+        $randomMock->expects($this->once())
+            ->method('getRandomString')
+            ->will($this->returnValue($string));
+
+        $captcha = new \Magento\Captcha\Model\DefaultModel(
+            $this->session,
+            $this->_getHelperStub(),
+            $this->_resLogFactory,
+            'user_create',
+            $randomMock
+        );
+
+        $method = new \ReflectionMethod($captcha, '_generateWord');
+        $method->setAccessible(true);
+        $this->assertEquals($string, $method->invoke($captcha));
+    }
+
+    /**
+     * @return array
+     */
+    public function generateWordProvider()
+    {
+        return [
+            ['ABC123'],
+            ['1234567890'],
+            ['The quick brown fox jumps over the lazy dog.']
+        ];
+    }
 }

app/code/Magento/Customer/etc/adminhtml/system.xml

@@ -261,6 +261,7 @@
                 </field>
                 <field id="html" type="textarea" sortOrder="3" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>HTML</label>
+                    <comment>Only 'b', 'br', 'em', 'i', 'li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul' tags are allowed</comment>
                 </field>
                 <field id="pdf" type="textarea" sortOrder="4" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>PDF</label>

app/code/Magento/Customer/i18n/en_US.csv

@@ -480,6 +480,7 @@ Password:,Password:
 "Address Templates","Address Templates"
 "Online Customers Options","Online Customers Options"
 "Online Minutes Interval","Online Minutes Interval"
+"Only 'b', 'br', 'em', 'i', 'li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul' tags are allowed","Only 'b', 'br', 'em', 'i', 'li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul' tags are allowed"
 "Leave empty for default (15 minutes).","Leave empty for default (15 minutes)."
 "Enable Autocomplete on login/forgot password forms","Enable Autocomplete on login/forgot password forms"
 "Customer Grid","Customer Grid"

app/code/Magento/Customer/view/adminhtml/templates/tab/view/personal_info.phtml

@@ -15,6 +15,7 @@ $lastLoginDateStore = $block->getStoreLastLoginDate();
 
 $createDateAdmin = $block->getCreateDate();
 $createDateStore = $block->getStoreCreateDate();
+$allowedAddressHtmlTags = ['b', 'br', 'em', 'i', 'li', 'ol', 'p', 'strong', 'sub', 'sup', 'ul'];
 ?>
 
 <div class="fieldset-wrapper customer-information">
@@ -65,7 +66,7 @@ $createDateStore = $block->getStoreCreateDate();
     <address>
         <strong><?php echo $block->escapeHtml(__('Default Billing Address')) ?></strong>
         <br/>
-        <?php echo $block->getBillingAddressHtml() ?>
+        <?php echo $block->escapeHtml($block->getBillingAddressHtml(), $allowedAddressHtmlTags) ?>
     </address>
 
 </div>

app/code/Magento/Dhl/Model/Carrier.php

@@ -730,12 +730,7 @@ protected function _getAllItems()
                         $itemWeight = $this->_getWeight($itemWeight * $item->getQty());
                         $maxWeight = $this->_getWeight($this->_maxWeight, true);
                         if ($itemWeight > $maxWeight) {
-                            $qtyItem = floor($itemWeight / $maxWeight);
-                            $decimalItems[] = ['weight' => $maxWeight, 'qty' => $qtyItem];
-                            $weightItem = $this->mathDivision->getExactDivision($itemWeight, $maxWeight);
-                            if ($weightItem) {
-                                $decimalItems[] = ['weight' => $weightItem, 'qty' => 1];
-                            }
+                            $this->pushDecimalItems($decimalItems, $itemWeight, $maxWeight);
                             $checkWeight = false;
                         }
                     }
@@ -772,6 +767,23 @@ protected function _getAllItems()
         return $fullItems;
     }
 
+    /**
+     * Pushes items into array that are decimal places on item weight
+     *
+     * @param array $decimalItems
+     * @param float $itemWeight
+     * @param float $maxWeight
+     */
+    private function pushDecimalItems(array &$decimalItems, float $itemWeight, float $maxWeight)
+    {
+        $qtyItem = floor($itemWeight / $maxWeight);
+        $decimalItems[] = ['weight' => $maxWeight, 'qty' => $qtyItem];
+        $weightItem = $this->mathDivision->getExactDivision($itemWeight, $maxWeight);
+        if ($weightItem) {
+            $decimalItems[] = ['weight' => $weightItem, 'qty' => 1];
+        }
+    }
+
     /**
      * Make pieces
      *
@@ -957,7 +969,7 @@ protected function _getQuotes()
     protected function _getQuotesFromServer($request)
     {
         $client = $this->_httpClientFactory->create();
-        $client->setUri((string)$this->getConfigData('gateway_url'));
+        $client->setUri($this->getGatewayURL());
         $client->setConfig(['maxredirects' => 0, 'timeout' => 30]);
         $client->setRawData(utf8_encode($request));
 
@@ -1558,7 +1570,7 @@ protected function _doRequest()
             $debugData = ['request' => $request];
             try {
                 $client = $this->_httpClientFactory->create();
-                $client->setUri((string)$this->getConfigData('gateway_url'));
+                $client->setUri($this->getGatewayURL());
                 $client->setConfig(['maxredirects' => 0, 'timeout' => 30]);
                 $client->setRawData($request);
                 $responseBody = $client->request(\Magento\Framework\HTTP\ZendClient::POST)->getBody();
@@ -1751,7 +1763,7 @@ protected function _getXMLTracking($trackings)
             $debugData = ['request' => $request];
             try {
                 $client = new \Magento\Framework\HTTP\ZendClient();
-                $client->setUri((string)$this->getConfigData('gateway_url'));
+                $client->setUri($this->getGatewayURL());
                 $client->setConfig(['maxredirects' => 0, 'timeout' => 30]);
                 $client->setRawData($request);
                 $responseBody = $client->request(\Magento\Framework\HTTP\ZendClient::POST)->getBody();
@@ -1959,6 +1971,8 @@ protected function _prepareShippingLabelContent(\SimpleXMLElement $xml)
     }
 
     /**
+     * Verify if the shipment is dutiable
+     *
      * @param string $origCountryId
      * @param string $destCountryId
      *
@@ -1972,4 +1986,18 @@ protected function isDutiable($origCountryId, $destCountryId)
             self::DHL_CONTENT_TYPE_NON_DOC == $this->getConfigData('content_type')
             && !$this->_isDomestic;
     }
+
+    /**
+     * Get the gateway URL
+     *
+     * @return string
+     */
+    private function getGatewayURL()
+    {
+        if ($this->getConfigData('sandbox_mode')) {
+            return (string)$this->getConfigData('sandbox_url');
+        } else {
+            return (string)$this->getConfigData('gateway_url');
+        }
+    }
 }

app/code/Magento/Dhl/Test/Unit/Model/CarrierTest.php

@@ -7,6 +7,7 @@
 
 use Magento\Quote\Model\Quote\Address\RateRequest;
 use Magento\Framework\Xml\Security;
+use Magento\Dhl\Model\Carrier;
 
 class CarrierTest extends \PHPUnit_Framework_TestCase
 {
@@ -305,4 +306,52 @@ public function testCollectRatesFail()
 
         $this->assertFalse(false, $this->_model->collectRates($request));
     }
+
+    /**
+     * Tests if the DHL client returns the appropriate API URL.
+     *
+     * @dataProvider getGatewayURLProvider
+     * @param $sandboxMode
+     * @param $expectedURL
+     * @throws \ReflectionException
+     */
+    public function testGetGatewayURL($sandboxMode, $expectedURL)
+    {
+        $scope = $this->getMockBuilder(
+            '\Magento\Framework\App\Config\ScopeConfigInterface'
+        )->disableOriginalConstructor()->getMock();
+
+        $scopeConfigValueMap = [
+            ['carriers/dhl/gateway_url', 'store', null, 'https://xmlpi-ea.dhl.com/XMLShippingServlet'],
+            ['carriers/dhl/sandbox_url', 'store', null, 'https://xmlpitest-ea.dhl.com/XMLShippingServlet'],
+            ['carriers/dhl/sandbox_mode', 'store', null, $sandboxMode]
+        ];
+
+        $scope->method('getValue')
+            ->willReturnMap($scopeConfigValueMap);
+
+        $this->model = $this->_helper->getObject(
+            Carrier::class,
+            [
+                'scopeConfig' => $scope
+            ]
+        );
+
+        $method = new \ReflectionMethod($this->model, 'getGatewayURL');
+        $method->setAccessible(true);
+        $this->assertEquals($expectedURL, $method->invoke($this->model));
+    }
+
+    /**
+     * Data provider for testGetGatewayURL
+     *
+     * @return array
+     */
+    public function getGatewayURLProvider()
+    {
+        return [
+            'standard_url' => [0, 'https://xmlpi-ea.dhl.com/XMLShippingServlet'],
+            'sandbox_url' => [1, 'https://xmlpitest-ea.dhl.com/XMLShippingServlet']
+        ];
+    }
 }

app/code/Magento/Dhl/etc/adminhtml/system.xml

@@ -14,9 +14,6 @@
                     <label>Enabled for Checkout</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="gateway_url" translate="label" type="text" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="0" canRestore="1">
-                    <label>Gateway URL</label>
-                </field>
                 <field id="title" translate="label" type="text" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="1" canRestore="1">
                     <label>Title</label>
                 </field>
@@ -150,6 +147,10 @@
                     <label>Debug</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
+                <field id="sandbox_mode" translate="label" type="select" sortOrder="1960" showInDefault="1" showInWebsite="1" showInStore="0">
+                    <label>Sandbox Mode</label>
+                    <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
+                </field>
             </group>
         </section>
     </system>

app/code/Magento/Dhl/etc/config.xml

@@ -25,6 +25,7 @@
                 <doc_methods>2,5,6,7,9,B,C,D,U,K,L,G,W,I,N,O,R,S,T,X</doc_methods>
                 <free_method>G</free_method>
                 <gateway_url>https://xmlpi-ea.dhl.com/XMLShippingServlet</gateway_url>
+                <sandbox_url>https://xmlpitest-ea.dhl.com/XMLShippingServlet</sandbox_url>
                 <id backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
                 <password backend_model="Magento\Config\Model\Config\Backend\Encrypted" />
                 <content_type>N</content_type>

app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml

@@ -6,11 +6,12 @@
 
 // @codingStandardsIgnoreFile
 
+$escapeHelper = $this->helper(\Magento\Framework\EscapeHelper::class);
 ?>
 <div class="page-create-order">
     <script>
     require(["Magento_Sales/order/create/form"], function(){
-        order.setCurrencySymbol('<?php /* @escapeNotVerified */ echo $block->getCurrencySymbol($block->getCurrentCurrencyCode()) ?>')
+        order.setCurrencySymbol('<?php echo $escapeHelper->escapeJs($block->getCurrencySymbol($block->getCurrentCurrencyCode())) ?>')
     });
 </script>
     <div class="order-details<?php if ($block->getCustomerId()): ?> order-details-existing-customer<?php endif; ?>">
@@ -35,7 +36,7 @@
 
         <section id="order-addresses" class="admin__page-section order-addresses">
             <div class="admin__page-section-title">
-                <span class="title"><?php /* @escapeNotVerified */ echo __('Address Information') ?></span>
+                <span class="title"><?php echo $block->escapeHtml(__('Address Information')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <div id="order-billing_address" class="admin__page-section-item order-billing-address">
@@ -49,7 +50,7 @@
 
         <section id="order-methods" class="admin__page-section order-methods">
             <div class="admin__page-section-title">
-                <span class="title"><?php /* @escapeNotVerified */ echo __('Payment &amp; Shipping Information') ?></span>
+                <span class="title"><?php echo $block->escapeHtml(__('Payment &amp; Shipping Information')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <div id="order-billing_method" class="admin__page-section-item order-billing-method">
@@ -71,11 +72,11 @@
 
         <section class="admin__page-section order-summary">
             <div class="admin__page-section-title">
-                <span class="title"><?php /* @escapeNotVerified */ echo __('Order Total') ?></span>
+                <span class="title"><?php echo $block->escapeHtml(__('Order Total')) ?></span>
             </div>
             <div class="admin__page-section-content">
                 <fieldset class="admin__fieldset order-history" id="order-comment">
-                    <legend class="admin__legend"><span><?php /* @escapeNotVerified */ echo __('Order History') ?></span></legend>
+                    <legend class="admin__legend"><span><?php echo $block->escapeHtml(__('Order History')) ?></span></legend>
                     <br>
                     <?php echo $block->getChildHtml('comment') ?>
                 </fieldset>
@@ -90,15 +91,15 @@
         <div class="order-sidebar">
             <div class="store-switcher order-currency">
                 <label class="admin__field-label" for="currency_switcher">
-                    <?php /* @escapeNotVerified */ echo __('Order Currency:') ?>
+                    <?php echo $block->escapeHtml(__('Order Currency:')) ?>
                 </label>
                 <select id="currency_switcher"
                         class="admin__control-select"
                         name="order[currency]"
                         onchange="order.setCurrencyId(this.value); order.setCurrencySymbol(this.options[this.selectedIndex].getAttribute('symbol'));">
                     <?php foreach ($block->getAvailableCurrencies() as $_code): ?>
-                        <option value="<?php /* @escapeNotVerified */ echo $_code ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?php /* @escapeNotVerified */ echo $block->getCurrencySymbol($_code) ?>">
-                            <?php /* @escapeNotVerified */ echo $block->getCurrencyName($_code) ?>
+                        <option value="<?php echo $escapeHelper->escapeHtmlAttr($_code) ?>"<?php if ($_code == $block->getCurrentCurrencyCode()): ?> selected="selected"<?php endif; ?> symbol="<?php echo $escapeHelper->escapeHtmlAttr($block->getCurrencySymbol($_code)) ?>">
+                            <?php echo $block->escapeHtml($block->getCurrencyName($_code)) ?>
                         </option>
                     <?php endforeach; ?>
                 </select>