Merge remote-tracking branch 'origin/MAGETWO-95647' into 2.2.7-develop-pr53

zakdma · zakdma · commit 56449e12e02d · 2018-10-29T11:55:56.000+02:00
diff --git a/app/code/Magento/Eav/Model/Attribute/Data/File.php b/app/code/Magento/Eav/Model/Attribute/Data/File.php
@@ -120,8 +120,7 @@ public function extractValue(RequestInterface $request)
     }
 
     /**
-     * Validate file by attribute validate rules
-     * Return array of errors
+     * Validate file by attribute validate rules and return array of errors.
      *
      * @param array $value
      * @return string[]
@@ -147,7 +146,7 @@ protected function _validateByRules($value)
             return $this->_fileValidator->getMessages();
         }
 
-        if (!is_uploaded_file($value['tmp_name'])) {
+        if (!empty($value['tmp_name']) && !is_uploaded_file($value['tmp_name'])) {
             return [__('"%1" is not a valid file.', $label)];
         }
 
@@ -174,12 +173,22 @@ public function validateValue($value)
         if ($this->getIsAjaxRequest()) {
             return true;
         }
+        $fileData = $value;
+
+        if (is_string($value) && !empty($value)) {
+            $dir = $this->_directory->getAbsolutePath($this->getAttribute()->getEntityType()->getEntityTypeCode());
+            $fileData = [
+                'size' => filesize($dir . $value),
+                'name' => $value,
+                'tmp_name' => $dir . $value,
+            ];
+        }
 
         $errors = [];
         $attribute = $this->getAttribute();
 
         $toDelete = !empty($value['delete']) ? true : false;
-        $toUpload = !empty($value['tmp_name']) ? true : false;
+        $toUpload = !empty($value['tmp_name']) || is_string($value) && !empty($value) ? true : false;
 
         if (!$toUpload && !$toDelete && $this->getEntity()->getData($attribute->getAttributeCode())) {
             return true;
@@ -195,11 +204,13 @@ public function validateValue($value)
         }
 
         if ($toUpload) {
-            $errors = array_merge($errors, $this->_validateByRules($value));
+            $errors = array_merge($errors, $this->_validateByRules($fileData));
         }
 
         if (count($errors) == 0) {
             return true;
+        } elseif (is_string($value) && !empty($value)) {
+            $this->_directory->delete($dir . $value);
         }
 
         return $errors;
diff --git a/dev/tests/js/jasmine/tests/lib/mage/validation.test.js b/dev/tests/js/jasmine/tests/lib/mage/validation.test.js
@@ -1142,4 +1142,24 @@ define([
                 .call($.validator.prototype, '30', el1, null)).toEqual(false);
         });
     });
+
+    describe('Testing validate-forbidden-extensions', function () {
+        it('validate-forbidden-extensions', function () {
+            var el1 = $('<input type="text" value="" ' +
+                'class="validate-extensions" data-validation-params="php,phtml">').get(0);
+
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php,phtml', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html', el1, null)).toEqual(true);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html,png', el1, null)).toEqual(true);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'php,html', el1, null)).toEqual(false);
+            expect($.validator.methods['validate-forbidden-extensions']
+                .call($.validator.prototype, 'html,php', el1, null)).toEqual(false);
+        });
+    });
 });
diff --git a/lib/internal/Magento/Framework/Data/Form/Element/Text.php b/lib/internal/Magento/Framework/Data/Form/Element/Text.php
@@ -4,15 +4,13 @@
  * See COPYING.txt for license details.
  */
 
-/**
- * Form text element
- *
- * @author      Magento Core Team <core@magentocommerce.com>
- */
 namespace Magento\Framework\Data\Form\Element;
 
 use Magento\Framework\Escaper;
 
+/**
+ * Form text element
+ */
 class Text extends AbstractElement
 {
     /**
@@ -65,7 +63,8 @@ public function getHtmlAttributes()
             'placeholder',
             'data-form-part',
             'data-role',
-            'data-action'
+            'data-validation-params',
+            'data-action',
         ];
     }
 }
diff --git a/lib/web/mage/validation.js b/lib/web/mage/validation.js
@@ -881,6 +881,27 @@
             },
             $.mage.__('Please enter a valid number in this field.')
         ],
+        'validate-forbidden-extensions': [
+            function (v, elem) {
+                var forbiddenExtensions = $(elem).attr('data-validation-params'),
+                    forbiddenExtensionsArray = forbiddenExtensions.split(','),
+                    extensionsArray = v.split(','),
+                    result = true;
+
+                this.validateExtensionsMessage = $.mage.__('Forbidden extensions has been used. Avoid usage of ') +
+                    forbiddenExtensions;
+
+                $.each(extensionsArray, function (key, extension) {
+                    if (forbiddenExtensionsArray.indexOf(extension) !== -1) {
+                        result = false;
+                    }
+                });
+
+                return result;
+            }, function () {
+                return this.validateExtensionsMessage;
+            }
+        ],
         'validate-digits-range': [
             function (v, elm, param) {
                 var numValue, dataAttrRange, classNameRange, result, range, m, classes, ii;
