Merge pull request #2680 from magento-qwerty/2.1.15-bugfixes-080618

Fixed issues:
- MAGETWO-88593: [Backport for 2.1.x] Deleting Stores
- MAGETWO-88605: [Backport for 2.1.x] Invalid Video Uploader Link
- MAGETWO-81472: [Backport for 2.1.x] Cached Config is Different From DB
- MAGETWO-88599: [Backport for 2.1.x] Varnish Config Access List

Author: dvoskoboinikov

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteGroupPost.php

@@ -7,19 +7,28 @@
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\App\Request\Http as HttpRequest;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteGroupPost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
 
+        $itemId = $request->getParam('item_id');
         if (!($model = $this->_objectManager->create('Magento\Store\Model\Group')->load($itemId))) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteStorePost.php

@@ -6,21 +6,31 @@
  */
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
+use Magento\Framework\App\Request\Http as HttpRequest;
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteStorePost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * Delete store view post action
      *
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
+        $itemId = $request->getParam('item_id');
         if (!($model = $this->_objectManager->create('Magento\Store\Model\Store')->load($itemId))) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteWebsitePost.php

@@ -7,21 +7,30 @@
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\App\Request\Http as HttpRequest;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteWebsitePost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-        $model = $this->_objectManager->create('Magento\Store\Model\Website');
-        $model->load($itemId);
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
 
+        $itemId = $request->getParam('item_id');
+        $model = $this->_objectManager->create('Magento\Store\Model\Website');
+        $model->load($itemId);
         if (!$model) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Config/App/Config/Type/System.php

@@ -12,6 +12,7 @@
 use Magento\Framework\Cache\FrontendInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Config\App\Config\Type\System\Reader;
+use Magento\Framework\Encryption\EncryptorInterface;
 use Magento\Store\Model\Config\Processor\Fallback;
 
 /**
@@ -101,6 +102,11 @@ class System implements ConfigTypeInterface
      */
     private $availableDataScopes = null;
 
+    /**
+     * @var EncryptorInterface
+     */
+    private $encryptor;
+
     /**
      * @param ConfigSourceInterface $source
      * @param PostProcessorInterface $postProcessor
@@ -110,6 +116,7 @@ class System implements ConfigTypeInterface
      * @param int $cachingNestedLevel
      * @param string $configType
      * @param Reader $reader
+     * @param EncryptorInterface|null $encryptor
      */
     public function __construct(
         ConfigSourceInterface $source,
@@ -119,7 +126,8 @@ public function __construct(
         PreProcessorInterface $preProcessor,
         $cachingNestedLevel = 1,
         $configType = self::CONFIG_TYPE,
-        Reader $reader = null
+        Reader $reader = null,
+        EncryptorInterface $encryptor = null
     ) {
         $this->source = $source;
         $this->postProcessor = $postProcessor;
@@ -129,6 +137,8 @@ public function __construct(
         $this->fallback = $fallback;
         $this->configType = $configType;
         $this->reader = $reader ?: ObjectManager::getInstance()->get(Reader::class);
+        $this->encryptor = $encryptor ?: ObjectManager::getInstance()
+            ->get(EncryptorInterface::class);
     }
 
     /**
@@ -193,7 +203,8 @@ private function loadAllData()
         if ($cachedData === false) {
             $data = $this->reader->read();
         } else {
-            $data = unserialize($cachedData);
+
+            $data = unserialize($this->encryptor->decrypt($cachedData));
         }
 
         return $data;
@@ -212,7 +223,11 @@ private function loadDefaultScopeData($scopeType)
             $data = $this->reader->read();
             $this->cacheData($data);
         } else {
-            $data = [$scopeType => unserialize($cachedData)];
+            $data = [
+                $scopeType => unserialize(
+                    $this->encryptor->decrypt($cachedData)
+                )
+            ];
         }
 
         return $data;
@@ -232,7 +247,9 @@ private function loadScopeData($scopeType, $scopeId)
             if ($this->availableDataScopes === null) {
                 $cachedScopeData = $this->cache->load($this->configType . '_scopes');
                 if ($cachedScopeData !== false) {
-                    $this->availableDataScopes = unserialize($cachedScopeData);
+                    $this->availableDataScopes = unserialize(
+                        $this->encryptor->decrypt($cachedScopeData)
+                    );
                 }
             }
             if (is_array($this->availableDataScopes) && !isset($this->availableDataScopes[$scopeType][$scopeId])) {
@@ -241,7 +258,13 @@ private function loadScopeData($scopeType, $scopeId)
             $data = $this->reader->read();
             $this->cacheData($data);
         } else {
-            $data = [$scopeType => [$scopeId => unserialize($cachedData)]];
+            $data = [
+                $scopeType => [
+                    $scopeId => unserialize(
+                        $this->encryptor->decrypt($cachedData)
+                    )
+                ]
+            ];
         }
 
         return $data;
@@ -257,12 +280,12 @@ private function loadScopeData($scopeType, $scopeId)
     private function cacheData(array $data)
     {
         $this->cache->save(
-            serialize($data),
+            $this->encryptor->encrypt(serialize($data)),
             $this->configType,
             [self::CACHE_TAG]
         );
         $this->cache->save(
-            serialize($data['default']),
+            $this->encryptor->encrypt(serialize($data['default'])),
             $this->configType . '_default',
             [self::CACHE_TAG]
         );
@@ -271,14 +294,14 @@ private function cacheData(array $data)
             foreach ($data[$curScopeType] as $curScopeId => $curScopeData) {
                 $scopes[$curScopeType][$curScopeId] = 1;
                 $this->cache->save(
-                    serialize($curScopeData),
+                    $this->encryptor->encrypt(serialize($curScopeData)),
                     $this->configType . '_' . $curScopeType . '_' . $curScopeId,
                     [self::CACHE_TAG]
                 );
             }
         }
         $this->cache->save(
-            serialize($scopes),
+            $this->encryptor->encrypt(serialize($scopes)),
             $this->configType . "_scopes",
             [self::CACHE_TAG]
         );

app/code/Magento/Config/Test/Unit/App/Config/Type/SystemTest.php

@@ -11,6 +11,7 @@
 use Magento\Framework\App\Config\Spi\PostProcessorInterface;
 use Magento\Framework\App\Config\Spi\PreProcessorInterface;
 use Magento\Framework\Cache\FrontendInterface;
+use Magento\Framework\Encryption\EncryptorInterface;
 use Magento\Store\Model\Config\Processor\Fallback;
 use Magento\Config\App\Config\Type\System\Reader;
 
@@ -55,6 +56,11 @@ class SystemTest extends \PHPUnit_Framework_TestCase
      */
     private $reader;
 
+    /**
+     * @var EncryptorInterface|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private $encryptorMock;
+
     public function setUp()
     {
         $this->source = $this->getMockBuilder(ConfigSourceInterface::class)
@@ -71,6 +77,9 @@ public function setUp()
         $this->reader = $this->getMockBuilder(Reader::class)
             ->disableOriginalConstructor()
             ->getMock();
+        $this->encryptorMock = $this->getMockBuilder(EncryptorInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
 
         $this->configType = new System(
             $this->source,
@@ -80,7 +89,8 @@ public function setUp()
             $this->preProcessor,
             1,
             'system',
-            $this->reader
+            $this->reader,
+            $this->encryptorMock
         );
     }
 
@@ -99,6 +109,9 @@ public function testGetCachedWithLoadDefaultScopeData()
         $this->cache->expects($this->once())
             ->method('load')
             ->willReturn(serialize($data));
+        $this->encryptorMock->expects($this->once())
+            ->method('decrypt')
+            ->willReturnArgument(0);
         $this->assertEquals($url, $this->configType->get($path));
     }
 
@@ -116,6 +129,9 @@ public function testGetCachedWithLoadAllData()
         $this->cache->expects($this->once())
             ->method('load')
             ->willReturn(serialize($data));
+        $this->encryptorMock->expects($this->once())
+            ->method('decrypt')
+            ->willReturnArgument(0);
         $this->assertEquals($data, $this->configType->get(''));
     }
 
@@ -147,6 +163,9 @@ public function testGetNotCached()
         $this->reader->expects($this->once())
             ->method('read')
             ->willReturn($data);
+        $this->encryptorMock->expects($this->atLeastOnce())
+            ->method('encrypt')
+            ->willReturnArgument(0);
 
         $this->assertEquals($url, $this->configType->get($path));
     }

app/code/Magento/PageCache/Model/System/Config/Backend/AccessList.php

@@ -0,0 +1,35 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\PageCache\Model\System\Config\Backend;
+
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\Phrase;
+
+/**
+ * Access List config field.
+ */
+class AccessList extends Varnish
+{
+    /**
+     * @inheritDoc
+     */
+    public function beforeSave()
+    {
+        parent::beforeSave();
+
+        $value = $this->getValue();
+        if (!is_string($value) || !preg_match('/^[\w\s\.\-\,\:]+$/', $value)) {
+            throw new LocalizedException(
+                new Phrase(
+                    'Access List value "%1" is not valid. '
+                    .'Please use only IP addresses and host names.',
+                    [$value]
+                )
+            );
+        }
+    }
+}