Merge branch '2.2-develop' into 2.2.10-develop

# Conflicts:
#	app/code/Magento/Cms/etc/di.xml
#	app/code/Magento/Customer/Test/Mftf/ActionGroup/LoginToStorefrontActionGroup.xml
#	app/code/Magento/Email/Block/Adminhtml/Template/Preview.php
#	app/code/Magento/Sales/Helper/Admin.php
#	app/code/Magento/Sales/view/adminhtml/templates/order/create/data.phtml
#	app/code/Magento/Search/Model/ResourceModel/SynonymReader.php
#	composer.lock
#	dev/tests/integration/testsuite/Magento/Framework/Session/SidResolverTest.php
#	dev/tests/static/testsuite/Magento/Test/Legacy/_files/security/unsecure_php_functions.php
#	lib/internal/Magento/Framework/Session/SidResolver.php

Author: dvoskoboinikov

app/code/Magento/AdminNotification/Model/Feed.php

@@ -25,6 +25,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +82,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param \Magento\Framework\Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,7 +96,8 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
         $this->_backendConfig    = $backendConfig;
@@ -99,12 +106,16 @@ public function __construct(
         $this->_deploymentConfig = $deploymentConfig;
         $this->productMetadata   = $productMetadata;
         $this->urlBuilder        = $urlBuilder;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -255,6 +266,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }

app/code/Magento/AdminNotification/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-admin-notification",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-store": "100.2.*",
         "magento/module-backend": "100.2.*",
         "magento/module-media-storage": "100.2.*",

app/code/Magento/AdvancedPricingImportExport/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-advanced-pricing-import-export",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-catalog": "102.0.*",
         "magento/module-catalog-inventory": "100.2.*",
         "magento/module-eav": "101.0.*",

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/CollectionTimeLabelTest.php

@@ -40,6 +40,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->contextMock = $this->getMockBuilder(Context::class)
             ->setMethods(['getLocaleDate'])
             ->disableOriginalConstructor()

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/SubscriptionStatusLabelTest.php

@@ -54,6 +54,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->formMock = $this->getMockBuilder(Form::class)
             ->disableOriginalConstructor()
             ->getMock();

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/VerticalTest.php

@@ -39,6 +39,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getLabel', 'getHint', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->contextMock = $this->getMockBuilder(Context::class)
             ->disableOriginalConstructor()
             ->getMock();

app/code/Magento/Analytics/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-analytics",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-backend": "100.2.*",
         "magento/module-config": "101.0.*",
         "magento/module-integration": "100.2.*",

app/code/Magento/Authorization/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-authorization",
     "description": "Authorization module provides access to Magento ACL functionality.",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-backend": "100.2.*",
         "magento/framework": "101.0.*"
     },

app/code/Magento/Authorizenet/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-authorizenet",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-sales": "101.0.*",
         "magento/module-store": "100.2.*",
         "magento/module-quote": "101.0.*",

app/code/Magento/Backend/Block/Dashboard/Bar.php

@@ -5,6 +5,8 @@
  */
 namespace Magento\Backend\Block\Dashboard;
 
+use Magento\Store\Model\Store;
+
 /**
  * Adminhtml dashboard bar block
  *
@@ -73,6 +75,7 @@ public function setCurrency($currency)
      * Retrieve currency model if not set then return currency model for current store
      *
      * @return \Magento\Directory\Model\Currency
+     * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
      */
     public function getCurrency()
     {
@@ -90,7 +93,8 @@ public function getCurrency()
                     $this->getRequest()->getParam('group')
                 )->getWebsite()->getBaseCurrency();
             } else {
-                $this->_currentCurrencyCode = $this->_storeManager->getStore()->getBaseCurrency();
+                $this->_currentCurrencyCode = $this->_storeManager->getStore(Store::DEFAULT_STORE_ID)
+                    ->getBaseCurrency();
             }
         }