Merge branch '2.4.5-develop' into AC-1981

jayjoshigl · jayjoshigl · commit 6d73024d63ab · 2022-02-09T15:12:31.000+05:30
diff --git a/app/code/Magento/Sales/Controller/Adminhtml/Order/AddComment.php b/app/code/Magento/Sales/Controller/Adminhtml/Order/AddComment.php
@@ -20,12 +20,12 @@ class AddComment extends \Magento\Sales\Controller\Adminhtml\Order implements Ht
      *
      * @see _isAllowed()
      */
-    const ADMIN_RESOURCE = 'Magento_Sales::comment';
+    public const ADMIN_RESOURCE = 'Magento_Sales::comment';
 
     /**
      * ACL resource needed to send comment email notification
      */
-    const ADMIN_SALES_EMAIL_RESOURCE = 'Magento_Sales::emails';
+    public const ADMIN_SALES_EMAIL_RESOURCE = 'Magento_Sales::emails';
 
     /**
      * Add order comment action
@@ -52,13 +52,12 @@ public function execute()
                     $notify = false;
                 }
 
-                $history = $order->addStatusHistoryComment($data['comment'], $data['status']);
+                $comment = trim(strip_tags($data['comment']));
+                $history = $order->addStatusHistoryComment($comment, $data['status']);
                 $history->setIsVisibleOnFront($visible);
                 $history->setIsCustomerNotified($notify);
                 $history->save();
 
-                $comment = trim(strip_tags($data['comment']));
-
                 $order->save();
                 /** @var OrderCommentSender $orderCommentSender */
                 $orderCommentSender = $this->_objectManager
diff --git a/app/code/Magento/Store/etc/config.xml b/app/code/Magento/Store/etc/config.xml
@@ -135,6 +135,7 @@
                     <pht>pht</pht>
                     <phar>phar</phar>
                     <svg>svg</svg>
+                    <svgz>svgz</svgz>
                     <xml>xml</xml>
                     <xhtml>xhtml</xhtml>
                 </protected_extensions>
diff --git a/pub/errors/default/page.phtml b/pub/errors/default/page.phtml
@@ -3,12 +3,14 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+// phpcs:ignoreFile
 ?>
 <!doctype html>
 <html xmlns="http://www.w3.org/1999/xhtml" >
 <head>
     <title><?= $this->pageTitle ?></title>
-    <base href="<?= $this->getViewFileUrl() ?>" />
+    <base href="<?= $this->escaper->escapeHtmlAttr($this->getViewFileUrl()) ?>" />
     <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
     <meta name="robots" content="*"/>
     <link rel="stylesheet" href="css/styles.css" type="text/css" />
diff --git a/pub/errors/processor.php b/pub/errors/processor.php
@@ -595,7 +595,7 @@ private function redirectToBaseUrl()
      */
     private function isReportIdValid(string $reportId): bool
     {
-        return (bool)preg_match('/[a-fA-F0-9]{64}/', $reportId);
+        return (bool)preg_match('/^[a-fA-F0-9]{64}$/', $reportId);
     }
 
     /**

Original file line number	Diff line number	Diff line change
`@@ -595,7 +595,7 @@ private function redirectToBaseUrl()`
`595`	`595`	`*/`
`596`	`596`	`private function isReportIdValid(string $reportId): bool`
`597`	`597`	`{`
`598`		`- return (bool)preg_match('/[a-fA-F0-9]{64}/', $reportId);`
	`598`	`+ return (bool)preg_match('/^[a-fA-F0-9]{64}$/', $reportId);`
`599`	`599`	`}`
`600`	`600`
`601`	`601`	`/**`