Merge pull request #3388 from magento-qwerty/MAGETWO-61322

dvoskoboinikov · web-flow · commit 6c4e9793d1e2 · 2018-10-30T18:39:53.000+02:00
Fixed issues:
- MAGETWO-61322: Fixed incorrect return-order flow
diff --git a/app/code/Magento/Sales/Controller/AbstractController/Reorder.php b/app/code/Magento/Sales/Controller/AbstractController/Reorder.php
@@ -7,7 +7,11 @@
 namespace Magento\Sales\Controller\AbstractController;
 
 use Magento\Framework\App\Action;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Data\Form\FormKey\Validator;
 use Magento\Framework\Registry;
+use Magento\Framework\Exception\NotFoundException;
+use Magento\Framework\Controller\ResultFactory;
 
 abstract class Reorder extends Action\Action
 {
@@ -21,18 +25,26 @@ abstract class Reorder extends Action\Action
      */
     protected $_coreRegistry;
 
+    /**
+     * @var Validator
+     */
+    private $formKeyValidator;
+
     /**
      * @param Action\Context $context
      * @param OrderLoaderInterface $orderLoader
      * @param Registry $registry
+     * @param Validator|null $formKeyValidator
      */
     public function __construct(
         Action\Context $context,
         OrderLoaderInterface $orderLoader,
-        Registry $registry
+        Registry $registry,
+        Validator $formKeyValidator = null
     ) {
         $this->orderLoader = $orderLoader;
         $this->_coreRegistry = $registry;
+        $this->formKeyValidator = $formKeyValidator ?: ObjectManager::getInstance()->create(Validator::class);
         parent::__construct($context);
     }
 
@@ -43,6 +55,20 @@ public function __construct(
      */
     public function execute()
     {
+        if ($this->getRequest()->isPost()) {
+            if (!$this->formKeyValidator->validate($this->getRequest())) {
+                $this->messageManager->addErrorMessage(__('Invalid Form Key. Please refresh the page.'));
+
+                /** @var \Magento\Framework\Controller\Result\Redirect $redirect */
+                $redirect = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+                $redirect->setPath('*/*/history');
+
+                return $redirect;
+            }
+        } else {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
         $result = $this->orderLoader->load($this->_request);
         if ($result instanceof \Magento\Framework\Controller\ResultInterface) {
             return $result;
