
Commit 4b38e3f

Merge MC-31362 into 2.4.0-bugfixes-030929
2 parents 5f0aa59 + 4625323 commit 4b38e3f

8 files changed

+365
-87
lines changed

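--- a/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php
+++ b/app/code/Magento/Cms/Controller/Adminhtml/Wysiwyg/Images/DeleteFolder.php
@@ -4,6 +4,9 @@
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
+
+declare(strict_types=1);
+
 namespace Magento\Cms\Controller\Adminhtml\Wysiwyg\Images;
 
 use Magento\Framework\App\Action\HttpPostActionInterface;
@@ -60,13 +63,8 @@ public function execute()
 {
 try {
 $path = $this->getStorage()->getCmsWysiwygImages()->getCurrentPath();
-if (!$this->directoryResolver->validatePath($path, DirectoryList::MEDIA)) {
-throw new \Magento\Framework\Exception\LocalizedException(
-__('Directory %1 is not under storage root path.', $path)
-);
-}
 $this->getStorage()->deleteDirectory($path);
-
+
 return $this->resultRawFactory->create();
 } catch (\Exception $e) {
 $result = ['error' => true, 'message' => $e->getMessage()];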
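Review bot: With the `validatePath($path, DirectoryList::MEDIA)` guard removed from `execute()`, nothing in this controller checks that `$path` stays inside the media storage root before `deleteDirectory($path)` runs, so containment now rests entirely on `Storage::deleteDirectory()`, whose body is not part of the visible hunks. I would record that dependency on the call, e.g. `// Storage::deleteDirectory() rejects paths outside the storage root; no controller-side check is needed.`, and confirm it holds for every value `getCurrentPath()` can return. If `$this->directoryResolver` and the `DirectoryList` import are now unused in this class they should be dropped in the same change; the constructor is outside the hunk, so that is unverified here. `execute()` continues past the end of the hunk.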

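--- a/app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php
+++ b/app/code/Magento/Cms/Model/Wysiwyg/Images/Storage.php
@@ -225,6 +225,8 @@ public function __construct(
 *
 * @param string $path
 * @return void
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 protected function createSubDirectories($path)
 {
@@ -295,6 +297,7 @@ protected function removeItemFromCollection($collection, $conditions)
 *
 * @param string $path Parent directory path
 * @return \Magento\Framework\Data\Collection\Filesystem
+* @throws \Exception
 */
 public function getDirsCollection($path)
 {
@@ -393,6 +396,7 @@ public function getFilesCollection($path, $type = null)
 *
 * @param string $path Path to the directory
 * @return \Magento\Cms\Model\Wysiwyg\Images\Storage\Collection
+* @throws \Exception
 */
 public function getCollection($path = null)
 {
@@ -485,6 +489,9 @@ public function deleteDirectory($path)
 *
 * @param string $path
 * @return void
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\LocalizedException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 protected function _deleteByPath($path)
 {
@@ -500,6 +507,8 @@ protected function _deleteByPath($path)
 *
 * @param string $target File path to be deleted
 * @return $this
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function deleteFile($target)
 {
@@ -561,9 +570,11 @@ public function uploadFile($targetPath, $type = null)
 /**
 * Thumbnail path getter
 *
-* @param string $filePath original file path
-* @param bool $checkFile OPTIONAL is it necessary to check file availability
+* @param string $filePath original file path
+* @param bool $checkFile OPTIONAL is it necessary to check file availability
 * @return string|false
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function getThumbnailPath($filePath, $checkFile = false)
 {
@@ -587,9 +598,11 @@ public function getThumbnailPath($filePath, $checkFile = false)
 /**
 * Thumbnail URL getter
 *
-* @param string $filePath original file path
-* @param bool $checkFile OPTIONAL is it necessary to check file availability
+* @param string $filePath original file path
+* @param bool $checkFile OPTIONAL is it necessary to check file availability
 * @return string|false
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function getThumbnailUrl($filePath, $checkFile = false)
 {
@@ -610,6 +623,8 @@ public function getThumbnailUrl($filePath, $checkFile = false)
 * @param string $source Image path to be resized
 * @param bool $keepRatio Keep aspect ratio or not
 * @return bool|string Resized filepath or false if errors were occurred
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function resizeFile($source, $keepRatio = true)
 {
@@ -643,6 +658,9 @@ public function resizeFile($source, $keepRatio = true)
 *
 * @param string $filename File basename
 * @return bool|string Thumbnail path or false for errors
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\LocalizedException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function resizeOnTheFly($filename)
 {
@@ -658,6 +676,8 @@ public function resizeOnTheFly($filename)
 *
 * @param bool|string $filePath Path to the file
 * @return string
+* @throws \Magento\Framework\Exception\FileSystemException
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 public function getThumbsPath($filePath = false)
 {
@@ -782,17 +802,28 @@ protected function _validatePath($path)
 *
 * @param string $path
 * @return string
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 protected function _sanitizePath($path)
 {
-return rtrim(preg_replace('~[/\\\]+~', '/', $this->_directory->getDriver()->getRealPathSafety($path)), '/');
+return rtrim(
+preg_replace(
+'~[/\\\]+~',
+'/',
+$this->_directory->getDriver()->getRealPathSafety(
+$this->_directory->getAbsolutePath($path)
+)
+),
+'/'
+);
 }
 
 /**
 * Get path in root storage dir
 *
 * @param string $path
 * @return string|bool
+* @throws \Magento\Framework\Exception\ValidatorException
 */
 protected function _getRelativePathToRoot($path)
 {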
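Review bot: The docblock of `_sanitizePath()` gained `@throws ValidatorException` but still does not say that the helper now resolves `$path` through `getAbsolutePath()` before `getRealPathSafety()`, so callers cannot tell whether a relative or an absolute path is expected or that the result is absolute. I would extend it with `@param string $path Path relative to the storage directory, or already absolute` and `@return string Absolute path with normalized separators and no trailing slash`, adjusted to what `getAbsolutePath()` really accepts. It would also help to note there whether `getRealPathSafety()` resolves symlinks or only collapses `..` segments, since the root-containment decision in `_validatePath()` (body outside these hunks) presumably relies on this value. The remaining hunks in this file only add `@throws` tags and need no change.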

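--- a/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
+++ b/app/code/Magento/Cms/Test/Unit/Model/Wysiwyg/Images/StorageTest.php
@@ -139,7 +139,7 @@ protected function setUp()
 
 $this->directoryMock = $this->createPartialMock(
 \Magento\Framework\Filesystem\Directory\Write::class,
-['delete', 'getDriver', 'create', 'getRelativePath', 'isExist', 'isFile']
+['delete', 'getDriver', 'create', 'getRelativePath', 'getAbsolutePath', 'isExist', 'isFile']
 );
 $this->directoryMock->expects(
 $this->any()
@@ -283,6 +283,7 @@ public function testGetResizeHeight()
 public function testDeleteDirectoryOverRoot()
 {
 $this->driverMock->expects($this->atLeastOnce())->method('getRealPathSafety')->will($this->returnArgument(0));
+$this->directoryMock->expects($this->atLeastOnce())->method('getAbsolutePath')->will($this->returnArgument(0));
 $this->imagesStorage->deleteDirectory(self::INVALID_DIRECTORY_OVER_ROOT);
 }
 
@@ -294,6 +295,7 @@ public function testDeleteDirectoryOverRoot()
 public function testDeleteRootDirectory()
 {
 $this->driverMock->expects($this->atLeastOnce())->method('getRealPathSafety')->will($this->returnArgument(0));
+$this->directoryMock->expects($this->atLeastOnce())->method('getAbsolutePath')->will($this->returnArgument(0));
 $this->imagesStorage->deleteDirectory(self::STORAGE_ROOT_DIR);
 }
 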
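Review bot: Both `testDeleteDirectoryOverRoot` and `testDeleteRootDirectory` stub `getAbsolutePath` and `getRealPathSafety` with `returnArgument(0)`, so the new composition in `_sanitizePath()` is never exercised with a path that actually changes when it is resolved. With identity stubs these tests cannot detect a regression in how relative or `..`-containing paths are handled, which is the behaviour the controller now depends on. I would add a case whose stubs model the resolution, for example `getAbsolutePath` prefixing the storage root and `getRealPathSafety` collapsing a `..` segment, and assert that `deleteDirectory()` rejects the result. The expected-exception declarations for these tests are outside the hunks, so what they currently assert is not visible here.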

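--- a/app/code/Magento/Theme/Model/Design/Backend/File.php
+++ b/app/code/Magento/Theme/Model/Design/Backend/File.php
@@ -4,24 +4,27 @@
 * See COPYING.txt for license details.
 */
 
+declare(strict_types=1);
+
 namespace Magento\Theme\Model\Design\Backend;
 
-use Magento\Config\Model\Config\Backend\File\RequestData\RequestDataInterface;
 use Magento\Config\Model\Config\Backend\File as BackendFile;
+use Magento\Config\Model\Config\Backend\File\RequestData\RequestDataInterface;
 use Magento\Framework\App\Cache\TypeListInterface;
 use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Data\Collection\AbstractDb;
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\File\Mime;
 use Magento\Framework\Filesystem;
+use Magento\Framework\Filesystem\Io\File as IoFileSystem;
 use Magento\Framework\Model\Context;
 use Magento\Framework\Model\ResourceModel\AbstractResource;
 use Magento\Framework\Registry;
 use Magento\Framework\UrlInterface;
+use Magento\MediaStorage\Helper\File\Storage\Database;
 use Magento\MediaStorage\Model\File\UploaderFactory;
 use Magento\Theme\Model\Design\Config\FileUploader\FileProcessor;
-use Magento\MediaStorage\Helper\File\Storage\Database;
 
 /**
 * File Backend
@@ -40,6 +43,11 @@ class File extends BackendFile
 */
 private $mime;
 
+/**
+* @var IoFileSystem
+*/
+private $ioFileSystem;
+
 /**
 * @var Database
 */
@@ -58,6 +66,7 @@ class File extends BackendFile
 * @param AbstractDb|null $resourceCollection
 * @param array $data
 * @param Database $databaseHelper
+* @param IoFileSystem $ioFileSystem
 * @SuppressWarnings(PHPMD.ExcessiveParameterList)
 */
 public function __construct(
@@ -72,7 +81,8 @@ public function __construct(
 AbstractResource $resource = null,
 AbstractDb $resourceCollection = null,
 array $data = [],
-Database $databaseHelper = null
+Database $databaseHelper = null,
+IoFileSystem $ioFileSystem = null
 ) {
 parent::__construct(
 $context,
@@ -88,6 +98,7 @@ public function __construct(
 );
 $this->urlBuilder = $urlBuilder;
 $this->databaseHelper = $databaseHelper ?: ObjectManager::getInstance()->get(Database::class);
+$this->ioFileSystem = $ioFileSystem ?: ObjectManager::getInstance()->get(IoFileSystem::class);
 }
 
 /**
@@ -108,11 +119,21 @@ public function beforeSave()
 __('%1 does not contain field \'file\'', $this->getData('field_config/field'))
 );
 }
+
+if (!empty($this->getAllowedExtensions()) &&
+(!isset($this->ioFileSystem->getPathInfo($file)['extension']) ||
+!in_array($this->ioFileSystem->getPathInfo($file)['extension'], $this->getAllowedExtensions()))
+) {
+throw new LocalizedException(
+__('Something is wrong with the file upload settings.')
+);
+}
+
 if (isset($value['exists'])) {
 $this->setValue($file);
 return $this;
 }
-
+
 //phpcs:ignore Magento2.Functions.DiscouragedFunction
 $this->updateMediaDirectory(basename($file), $value['url']);
 
@@ -196,7 +217,7 @@ protected function getStoreMediaUrl($fileName)
 $urlType = ['_type' => empty($baseUrl['type']) ? 'link' : (string)$baseUrl['type']];
 $baseUrl = $baseUrl['value'] . '/';
 }
-return $this->urlBuilder->getBaseUrl($urlType) . $baseUrl . $fileName;
+return $this->urlBuilder->getBaseUrl($urlType) . $baseUrl . $fileName;
 }
 
 /**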
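Review bot: The new extension check in `beforeSave()` is skipped whenever `getAllowedExtensions()` returns an empty list, so a backend subclass without an allow-list accepts any extension for `$file`; if that is intended it deserves a comment, otherwise the check should fail closed. The comparison also uses loose `in_array()` and calls `getPathInfo($file)` and `getAllowedExtensions()` twice each; with `$allowed = $this->getAllowedExtensions();` I would write `$extension = $this->ioFileSystem->getPathInfo($file)['extension'] ?? null;` and `if (!empty($allowed) && !in_array($extension, $allowed, true)) {`. Whether the match should be case-insensitive depends on how the allow-list is defined, which is not visible here. `beforeSave()` starts before and continues after this hunk.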
