Merge branch '2.0' of https://github.com/magento-sparta/magento2ce into MDVA-126

Author: isitnikov

.htaccess

@@ -279,6 +279,10 @@
         order allow,deny
         deny from all
     </Files>
+    <Files magento_umask>
+            order allow,deny
+            deny from all
+    </Files>
 
 ################################
 ## If running in cluster environment, uncomment this

.htaccess.sample

@@ -245,6 +245,10 @@
         order allow,deny
         deny from all
     </Files>
+    <Files magento_umask>
+            order allow,deny
+            deny from all
+    </Files>
 
 ################################
 ## If running in cluster environment, uncomment this

CHANGELOG.md

@@ -1,3 +1,40 @@
+2.0.7
+=============
+* GitHub requests:
+    * [#2984](https://github.com/magento/magento2/issues/2984) -- Payment config settings not decrypted when used?
+
+2.0.6
+=============
+* Functional fixes:
+    * Fixed issue with Redis sessions.
+    * Fixed issue with Varnish cache on GoDaddy.
+
+* Security fixes:
+    * This release contains several security fixes. We describe each issue in detail in the Magento Security Center (https://www.magento.com/security).
+
+* Enhancements:
+    * Management of file ownership and permissions have been made more flexible.
+    * Support for using the Redis adapter to provide session storage.
+
+2.0.5
+=============
+* Fixed bugs:
+    * Fixed issue with HTML minification and comments
+    * Fixed issue with cached CAPTCHA
+    * Fixed issue with images not changing on swatches
+    * Fixed issue with admin URL being indexed in search engines
+    * Fixed issue with viewing products from shared wishlists
+    * Fixed inconsistent data during installation
+    * Fixed issue with saving custom customer attributes during checkout
+    * Fixed issue with multiple newsletter subscriptions for same email
+    * Fixed import issue for products with store code
+* GitHub requests:
+    * [#2795](https://github.com/magento/magento2/pull/2795) -- Fix Notice: Undefined property: Magento\Backend\Helper\Dashboard\Order::$_storeManager
+    * [#2989](https://github.com/magento/magento2/issues/2989) -- Custom Options not working after editing product
+* Various improvements:
+    * Improved export performance
+    * Fixed several performance issue with duplicated queries on category and CMS pages
+
 2.0.3
 =============
 * Fixed bugs:

app/bootstrap.php

@@ -9,7 +9,6 @@
  */
 error_reporting(E_ALL);
 #ini_set('display_errors', 1);
-umask(0);
 
 /* PHP version validation */
 if (version_compare(phpversion(), '5.5.0', '<') === true) {
@@ -31,6 +30,11 @@
 require_once __DIR__ . '/autoload.php';
 require_once BP . '/app/functions.php';
 
+/* Custom umask value may be provided in optional mage_umask file in root */
+$umaskFile = BP . '/magento_umask';
+$mask = file_exists($umaskFile) ? octdec(file_get_contents($umaskFile)) : 002;
+umask($mask);
+
 if (!empty($_SERVER['MAGE_PROFILER'])
     && isset($_SERVER['HTTP_ACCEPT'])
     && strpos($_SERVER['HTTP_ACCEPT'], 'text/html') !== false

app/code/Magento/AdminNotification/composer.json

@@ -10,7 +10,7 @@
         "lib-libxml": "*"
     },
     "type": "magento2-module",
-    "version": "100.0.4",
+    "version": "100.0.5",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/AdvancedPricingImportExport/Model/Import/AdvancedPricing.php

@@ -531,15 +531,21 @@ protected function processCountExistingPrices($prices, $table)
     {
         $existingPrices = $this->_connection->fetchAssoc(
             $this->_connection->select()->from(
-                $this->_connection->getTableName($table),
+                ['t' => $this->_connection->getTableName($table)],
                 ['value_id', 'entity_id', 'all_groups', 'customer_group_id']
             )
+            ->joinInner(
+                ['e' => $this->_connection->getTableName('catalog_product_entity')],
+                't.entity_id = e.entity_id',
+                ['e.sku']
+            )
+            ->where(
+                $this->_connection->quoteInto('e.sku IN (?)', array_keys($prices))
+            )
         );
         foreach ($existingPrices as $existingPrice) {
-            foreach ($this->_oldSkus as $sku => $productId) {
-                if ($existingPrice['entity_id'] == $productId && isset($prices[$sku])) {
-                    $this->incrementCounterUpdated($prices[$sku], $existingPrice);
-                }
+            if (isset($prices[$existingPrice['sku']])) {
+                $this->incrementCounterUpdated($prices[$existingPrice['sku']], $existingPrice);
             }
         }
 

app/code/Magento/AdvancedPricingImportExport/composer.json

@@ -13,7 +13,7 @@
         "magento/framework": "100.0.*"
     },
     "type": "magento2-module",
-    "version": "100.0.4",
+    "version": "100.0.6",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Authorization/composer.json

@@ -7,7 +7,7 @@
         "magento/framework": "100.0.*"
     },
     "type": "magento2-module",
-    "version": "100.0.4",
+    "version": "100.0.5",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Authorizenet/Controller/Directpost/Payment/Redirect.php

@@ -8,18 +8,12 @@
 
 use Magento\Framework\App\ObjectManager;
 use Magento\Payment\Block\Transparent\Iframe;
-use Magento\Framework\Escaper;
 
 /**
  * Class Redirect
  */
 class Redirect extends \Magento\Authorizenet\Controller\Directpost\Payment
 {
-    /**
-     * @var Escaper
-     */
-    private $escaper;
-
     /**
      * Retrieve params and put javascript into iframe
      *
@@ -29,7 +23,7 @@ public function execute()
     {
         $helper = $this->dataFactory->create('frontend');
 
-        $redirectParams = $this->filterData($this->getRequest()->getParams());
+        $redirectParams = $this->getRequest()->getParams();
         $params = [];
         if (!empty($redirectParams['success'])
             && isset($redirectParams['x_invoice_num'])
@@ -38,9 +32,11 @@ public function execute()
             $this->_getDirectPostSession()->unsetData('quote_id');
             $params['redirect_parent'] = $helper->getSuccessOrderUrl([]);
         }
+
         if (!empty($redirectParams['error_msg'])) {
             $cancelOrder = empty($redirectParams['x_invoice_num']);
             $this->_returnCustomerQuote($cancelOrder, $redirectParams['error_msg']);
+            $params['error_msg'] = $redirectParams['error_msg'];
         }
 
         if (isset($redirectParams['controller_action_name'])
@@ -50,34 +46,8 @@ public function execute()
             unset($params['redirect_parent']);
         }
 
-        $this->_coreRegistry->register(Iframe::REGISTRY_KEY, array_merge($params, $redirectParams));
+        $this->_coreRegistry->register(Iframe::REGISTRY_KEY, $params);
         $this->_view->addPageLayoutHandles();
         $this->_view->loadLayout(false)->renderLayout();
     }
-
-    /**
-     * Escape xss in request data
-     * @param array $data
-     * @return array
-     */
-    private function filterData(array $data)
-    {
-        $self = $this;
-        array_walk($data, function (&$item) use ($self) {
-            $item = $self->getEscaper()->escapeXssInUrl($item);
-        });
-        return $data;
-    }
-
-    /**
-     * Get Escaper instance
-     * @return Escaper
-     */
-    private function getEscaper()
-    {
-        if (!$this->escaper) {
-            $this->escaper = ObjectManager::getInstance()->get(Escaper::class);
-        }
-        return $this->escaper;
-    }
 }

app/code/Magento/Authorizenet/Test/Unit/Controller/Directpost/Payment/RedirectTest.php

@@ -8,7 +8,6 @@
 use Magento\Authorizenet\Controller\Directpost\Payment\Redirect;
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\ViewInterface;
-use Magento\Framework\Escaper;
 use Magento\Framework\Registry;
 use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
 use Magento\Payment\Block\Transparent\Iframe;
@@ -34,11 +33,6 @@ class RedirectTest extends \PHPUnit_Framework_TestCase
      */
     private $coreRegistry;
 
-    /**
-     * @var Escaper|MockObject
-     */
-    private $escaper;
-
     /**
      * @var Redirect
      */
@@ -57,21 +51,11 @@ protected function setUp()
             ->setMethods(['register'])
             ->getMock();
 
-        $this->escaper = static::getMockBuilder(Escaper::class)
-            ->disableOriginalConstructor()
-            ->setMethods(['escapeXssInUrl'])
-            ->getMock();
-
         $this->controller = $objectManager->getObject(Redirect::class, [
             'request' => $this->request,
             'view' => $this->view,
             'coreRegistry' => $this->coreRegistry
         ]);
-
-        $refClass = new \ReflectionClass(Redirect::class);
-        $refProperty = $refClass->getProperty('escaper');
-        $refProperty->setAccessible(true);
-        $refProperty->setValue($this->controller, $this->escaper);
     }
 
     /**
@@ -87,14 +71,9 @@ public function testExecute()
             ->method('getParams')
             ->willReturn($params);
 
-        $this->escaper->expects(static::once())
-            ->method('escapeXssInUrl')
-            ->with($url)
-            ->willReturn($url);
-
         $this->coreRegistry->expects(static::once())
             ->method('register')
-            ->with(Iframe::REGISTRY_KEY, $params);
+            ->with(Iframe::REGISTRY_KEY, []);
 
         $this->view->expects(static::once())
             ->method('addPageLayoutHandles');