Merge remote-tracking branch 'origin/MAGETWO-98155' into 2.1.18-develop-pr68

Author: zakdma

lib/internal/Magento/Framework/Filter/Template.php

@@ -60,13 +60,13 @@ class Template implements \Zend_Filter_Interface
      * @var string[]
      */
     private $restrictedMethods = [
-        'addafterfiltercallback',
         'getresourcecollection',
         'load',
         'save',
         'getcollection',
         'getresource',
         'getconfig',
+        'delete',
     ];
 
     /**
@@ -314,25 +314,6 @@ protected function getParameters($value)
         return $params;
     }
 
-    /**
-     * Validate method call initiated in a template.
-     *
-     * Deny calls for methods that may disrupt template processing.
-     *
-     * @param object $object
-     * @param string $method
-     * @return void
-     * @throws \InvalidArgumentException
-     */
-    private function validateVariableMethodCall($object, $method)
-    {
-        if ($object === $this) {
-            if (in_array(mb_strtolower($method), $this->restrictedMethods)) {
-                throw new \InvalidArgumentException("Method $method cannot be called from template.");
-            }
-        }
-    }
-
     /**
      * Check allowed methods for data objects.
      *
@@ -402,19 +383,6 @@ protected function getVariable($value, $default = '{no_value_defined}')
                     }
                 }
                 $last = $i;
-            } elseif (isset($stackVars[$i - 1]['variable'])
-                      && is_object($stackVars[$i - 1]['variable'])
-                      && $stackVars[$i]['type'] == 'method'
-            ) {
-                // Calling object methods
-                $object = $stackVars[$i - 1]['variable'];
-                $method = $stackVars[$i]['name'];
-                if (method_exists($object, $method)) {
-                    $args = $this->getStackArgs($stackVars[$i]['args']);
-                    $this->validateVariableMethodCall($object, $method);
-                    $stackVars[$i]['variable'] = call_user_func_array([$object, $method], $args);
-                }
-                $last = $i;
             }
         }
 

lib/internal/Magento/Framework/Filter/Test/Unit/TemplateTest.php

@@ -230,6 +230,7 @@ public function disallowedMethods()
             ['getCollection'],
             ['getResource'],
             ['getConfig'],
+            ['delete'],
         ];
     }
 }