Merge branch 'MAGETWO-64949-remaining-unserialize-ce' of https://github.com/magento-jackalopes/magento2ce into MAGETWO-64949-remaining-unserialize-ce

Author: Joan He

app/code/Magento/Wishlist/Model/Wishlist.php

@@ -25,6 +25,7 @@
  * @method string getUpdatedAt()
  * @method \Magento\Wishlist\Model\Wishlist setUpdatedAt(string $value)
  * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ * @SuppressWarnings(PHPMD.TooManyFields)
  */
 class Wishlist extends \Magento\Framework\Model\AbstractModel implements \Magento\Framework\DataObject\IdentityInterface
 {
@@ -126,6 +127,8 @@ class Wishlist extends \Magento\Framework\Model\AbstractModel implements \Magent
     private $serializer;
 
     /**
+     * Constructor
+     *
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
      * @param \Magento\Catalog\Helper\Product $catalogProduct
@@ -413,9 +416,11 @@ public function addNewItem($product, $buyRequest = null, $forciblySetQty = false
         if ($buyRequest instanceof \Magento\Framework\DataObject) {
             $_buyRequest = $buyRequest;
         } elseif (is_string($buyRequest)) {
-            $_buyRequest = new \Magento\Framework\DataObject(
-                $this->serializer->unserialize($buyRequest)
-            );
+            $buyRequestData = $this->serializer->unserialize($buyRequest);
+            if (!is_array($buyRequestData)) {
+                throw new \InvalidArgumentException('Invalid wishlist item configuration.');
+            }
+            $_buyRequest = new \Magento\Framework\DataObject($buyRequestData);
         } elseif (is_array($buyRequest)) {
             $_buyRequest = new \Magento\Framework\DataObject($buyRequest);
         } else {

dev/tests/integration/testsuite/Magento/Wishlist/Model/WishlistTest.php

@@ -63,4 +63,27 @@ public function testAddNewItem()
         $this->assertInstanceOf(Item::class, $wishlistItem);
         $this->assertEquals($wishlistItem->getQty(), 10);
     }
+
+    /**
+     * @magentoDataFixture Magento/Catalog/_files/product_simple.php
+     * @magentoDataFixture Magento/Customer/_files/customer.php
+     * @magentoAppIsolation enabled
+     * @magentoDbIsolation enabled
+     * @expectedException \InvalidArgumentException
+     * @expectedExceptionMessage Invalid wishlist item configuration.
+     */
+    public function testAddNewItemInvalidWishlistItemConfiguration()
+    {
+        $productSku = 'simple';
+        $customerId = 1;
+        /** @var ProductRepositoryInterface $productRepository */
+        $productRepository = $this->objectManager->create(ProductRepositoryInterface::class);
+        $product = $productRepository->get($productSku);
+        $this->wishlist->loadByCustomerId($customerId, true);
+        $this->wishlist->addNewItem(
+            $product,
+            '{"qty":2'
+        );
+        $this->wishlist->addNewItem($product);
+    }
 }