Merge remote-tracking branch 'origin/MAGETWO-95646' into 2.1.16-develop-pr60

Author: viktorpetryk

app/code/Magento/Eav/Model/Attribute/Data/File.php

@@ -119,8 +119,7 @@ public function extractValue(RequestInterface $request)
     }
 
     /**
-     * Validate file by attribute validate rules
-     * Return array of errors
+     * Validate file by attribute validate rules and return array of errors.
      *
      * @param array $value
      * @return string[]
@@ -146,7 +145,7 @@ protected function _validateByRules($value)
             return $this->_fileValidator->getMessages();
         }
 
-        if (!is_uploaded_file($value['tmp_name'])) {
+        if (!empty($value['tmp_name']) && !is_uploaded_file($value['tmp_name'])) {
             return [__('"%1" is not a valid file.', $label)];
         }
 
@@ -173,13 +172,23 @@ public function validateValue($value)
         if ($this->getIsAjaxRequest()) {
             return true;
         }
+        $fileData = $value;
+
+        if (is_string($value) && !empty($value)) {
+            $dir = $this->_directory->getAbsolutePath($this->getAttribute()->getEntityType()->getEntityTypeCode());
+            $fileData = [
+                'size' => filesize($dir . $value),
+                'name' => $value,
+                'tmp_name' => $dir . $value,
+            ];
+        }
 
         $errors = [];
         $attribute = $this->getAttribute();
         $label = $attribute->getStoreLabel();
 
         $toDelete = !empty($value['delete']) ? true : false;
-        $toUpload = !empty($value['tmp_name']) ? true : false;
+        $toUpload = !empty($value['tmp_name']) || is_string($value) && !empty($value) ? true : false;
 
         if (!$toUpload && !$toDelete && $this->getEntity()->getData($attribute->getAttributeCode())) {
             return true;
@@ -194,11 +203,13 @@ public function validateValue($value)
         }
 
         if ($toUpload) {
-            $errors = array_merge($errors, $this->_validateByRules($value));
+            $errors = array_merge($errors, $this->_validateByRules($fileData));
         }
 
         if (count($errors) == 0) {
             return true;
+        } elseif (is_string($value) && !empty($value)) {
+            $this->_directory->delete($dir . $value);
         }
 
         return $errors;

dev/tests/js/jasmine/tests/lib/mage/validation.test.js

@@ -132,4 +132,24 @@ define([
             ).toEqual(false);
         });
     });
+
+    describe('Testing validate-forbidden-extensions', function () {
+        it('validate-forbidden-extensions', function () {
+            var el1 = $('<input type="text" value="" ' +
+                'class="validate-extensions" data-validation-params="php,phtml">').get(0);
+
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php,phtml', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html', el1, null)).toEqual(true);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html,png', el1, null)).toEqual(true);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php,html', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html,php', el1, null)).toEqual(false);
+        });
+    });
 });

lib/internal/Magento/Framework/Data/Form/Element/Text.php

@@ -4,15 +4,13 @@
  * See COPYING.txt for license details.
  */
 
-/**
- * Form text element
- *
- * @author      Magento Core Team <core@magentocommerce.com>
- */
 namespace Magento\Framework\Data\Form\Element;
 
 use Magento\Framework\Escaper;
 
+/**
+ * Form text element
+ */
 class Text extends AbstractElement
 {
     /**
@@ -65,7 +63,8 @@ public function getHtmlAttributes()
             'placeholder',
             'data-form-part',
             'data-role',
-            'data-action'
+            'data-validation-params',
+            'data-action',
         ];
     }
 }

lib/internal/Magento/Framework/Filesystem/Driver/File.php

@@ -843,6 +843,13 @@ public function fileUnlock($resource)
      */
     public function getAbsolutePath($basePath, $path, $scheme = null)
     {
+        // check if the path given is already an absolute path containing the
+        // basepath. so if the basepath starts at position 0 in the path, we
+        // must not concatinate them again because path is already absolute.
+        if (0 === strpos($path, $basePath)) {
+            return $this->getScheme($scheme) . $path;
+        }
+
         return $this->getScheme($scheme) . $basePath . ltrim($this->fixSeparator($path), '/');
     }
 

lib/internal/Magento/Framework/Filesystem/Test/Unit/Driver/FileTest.php

@@ -40,7 +40,7 @@ public function dataProviderForTestGetAbsolutePath()
             ['/root/path/', 'sub', '/root/path/sub'],
             ['/root/path/', '/sub', '/root/path/sub'],
             ['/root/path/', '../sub', '/root/path/../sub'],
-            ['/root/path/', '/root/path/sub', '/root/path/root/path/sub'],
+            ['/root/path/', '/root/path/sub', '/root/path/sub'],
         ];
     }
 

lib/web/mage/validation.js

@@ -782,6 +782,27 @@
             $.mage.__('The value is not within the specified range.'),
             true
         ],
+        'validate-forbidden-extensions': [
+            function (v, elem) {
+                var forbiddenExtensions = $(elem).attr('data-validation-params'),
+                    forbiddenExtensionsArray = forbiddenExtensions.split(','),
+                    extensionsArray = v.split(','),
+                    result = true;
+
+                this.validateExtensionsMessage = $.mage.__('Forbidden extensions has been used. Avoid usage of ') +
+                    forbiddenExtensions;
+
+                $.each(extensionsArray, function (key, extension) {
+                    if (forbiddenExtensionsArray.indexOf(extension) !== -1) {
+                        result = false;
+                    }
+                });
+
+                return result;
+            }, function () {
+                return this.validateExtensionsMessage;
+            }
+        ],
         'validate-range': [
             function (v, elm) {
                 var minValue, maxValue;