Merge remote-tracking branch 'origin/MC-39852' into 2.4-develop-pr117

Author: zakdma

app/code/Magento/Customer/Controller/Adminhtml/Address/Viewfile.php

@@ -0,0 +1,180 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Controller\Adminhtml\Address;
+
+use Magento\Customer\Api\AddressMetadataInterface;
+use Magento\Framework\Exception\NotFoundException;
+use Magento\Framework\App\Filesystem\DirectoryList;
+use Magento\Framework\Controller\Result\RawFactory;
+use Magento\Framework\Url\DecoderInterface;
+use Magento\Framework\Controller\ResultInterface;
+use Magento\Framework\Filesystem;
+use Magento\Framework\Controller\Result\Raw;
+use Magento\MediaStorage\Helper\File\Storage;
+use Magento\Framework\App\Response\Http\FileFactory;
+use Magento\Framework\Filesystem\Io\File as IoFile;
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\App\Action\HttpGetActionInterface;
+use Magento\Backend\App\Action;
+
+/**
+ * Class Viewfile serves to show file or image by file/image name provided in request parameters.
+ */
+class Viewfile extends Action implements HttpGetActionInterface
+{
+    /**
+     * Authorization level of a basic admin session
+     */
+    const ADMIN_RESOURCE = 'Magento_Customer::manage';
+
+    /**
+     * @var RawFactory
+     */
+    private $resultRawFactory;
+
+    /**
+     * @var DecoderInterface
+     */
+    private $urlDecoder;
+
+    /**
+     * @var Filesystem
+     */
+    private $filesystem;
+
+    /**
+     * @var Storage
+     */
+    private $storage;
+
+    /**
+     * @var FileFactory
+     */
+    private $fileFactory;
+
+    /**
+     * @var IoFile
+     */
+    private $ioFile;
+
+    /**
+     * @param Context $context
+     * @param FileFactory $fileFactory
+     * @param RawFactory $resultRawFactory
+     * @param DecoderInterface $urlDecoder
+     * @param Filesystem $filesystem
+     * @param Storage $storage
+     * @param IoFile $ioFile
+     */
+    public function __construct(
+        Context $context,
+        FileFactory $fileFactory,
+        RawFactory $resultRawFactory,
+        DecoderInterface $urlDecoder,
+        Filesystem $filesystem,
+        Storage $storage,
+        IoFile $ioFile
+    ) {
+        parent::__construct($context);
+        $this->resultRawFactory = $resultRawFactory;
+        $this->urlDecoder  = $urlDecoder;
+        $this->filesystem = $filesystem;
+        $this->storage = $storage;
+        $this->fileFactory = $fileFactory;
+        $this->ioFile = $ioFile;
+    }
+
+    /**
+     * Customer address view file action
+     *
+     * @return ResultInterface|void
+     * @throws NotFoundException
+     */
+    public function execute()
+    {
+        list($file, $plain) = $this->getFileParams();
+
+        $directory = $this->filesystem->getDirectoryRead(DirectoryList::MEDIA);
+        $fileName = AddressMetadataInterface::ENTITY_TYPE_ADDRESS . DIRECTORY_SEPARATOR .
+            ltrim($file, DIRECTORY_SEPARATOR);
+        $path = $directory->getAbsolutePath($fileName);
+        if (mb_strpos($path, '..') !== false
+            || (!$directory->isFile($fileName) && !$this->storage->processStorageFile($path))
+        ) {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
+        $pathInfo = $this->ioFile->getPathInfo($path);
+        if ($plain) {
+            $extension = $pathInfo['extension'];
+            switch (strtolower($extension)) {
+                case 'gif':
+                    $contentType = 'image/gif';
+                    break;
+                case 'jpg':
+                    $contentType = 'image/jpeg';
+                    break;
+                case 'png':
+                    $contentType = 'image/png';
+                    break;
+                default:
+                    $contentType = 'application/octet-stream';
+                    break;
+            }
+            $stat = $directory->stat($fileName);
+            $contentLength = $stat['size'];
+            $contentModify = $stat['mtime'];
+
+            /** @var Raw $resultRaw */
+            $resultRaw = $this->resultRawFactory->create();
+            $resultRaw->setHttpResponseCode(200)
+                ->setHeader('Pragma', 'public', true)
+                ->setHeader('Content-type', $contentType, true)
+                ->setHeader('Content-Length', $contentLength)
+                ->setHeader('Last-Modified', date('r', $contentModify));
+            $resultRaw->setContents($directory->readFile($fileName));
+
+            return $resultRaw;
+        } else {
+            $name = $pathInfo['basename'];
+            $this->fileFactory->create(
+                $name,
+                ['type' => 'filename', 'value' => $fileName],
+                DirectoryList::MEDIA
+            );
+        }
+    }
+
+    /**
+     * Get parameters from request.
+     *
+     * @return array
+     * @throws NotFoundException
+     */
+    private function getFileParams() : array
+    {
+        $file = null;
+        $plain = false;
+        if ($this->getRequest()->getParam('file')) {
+            // download file
+            $file = $this->urlDecoder->decode(
+                $this->getRequest()->getParam('file')
+            );
+        } elseif ($this->getRequest()->getParam('image')) {
+            // show plain image
+            $file = $this->urlDecoder->decode(
+                $this->getRequest()->getParam('image')
+            );
+            $plain = true;
+        } else {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
+        return [$file, $plain];
+    }
+}

app/code/Magento/Customer/Model/FileProcessor.php

@@ -158,9 +158,10 @@ public function getViewUrl($filePath, $type)
         $viewUrl = '';
 
         if ($this->entityTypeCode == AddressMetadataInterface::ENTITY_TYPE_ADDRESS) {
-            $filePath = $this->entityTypeCode . '/' . ltrim($filePath, '/');
-            $viewUrl = $this->urlBuilder->getBaseUrl(['_type' => UrlInterface::URL_TYPE_MEDIA])
-                . $this->mediaDirectory->getRelativePath($filePath);
+            $viewUrl = $this->urlBuilder->getUrl(
+                'customer/address/viewfile',
+                [$type => $this->urlEncoder->encode(ltrim($filePath, '/'))]
+            );
         }
 
         if ($this->entityTypeCode == CustomerMetadataInterface::ENTITY_TYPE_CUSTOMER) {

app/code/Magento/Customer/Test/Unit/Model/FileProcessorTest.php

@@ -162,22 +162,22 @@ public function testGetViewUrlCustomer()
     public function testGetViewUrlCustomerAddress()
     {
         $filePath = 'filename.ext1';
+        $encodedFilePath = 'encodedfilenameext1';
 
-        $baseUrl = 'baseUrl';
-        $relativeUrl = 'relativeUrl';
+        $fileUrl = 'fileUrl';
 
-        $this->urlBuilder->expects($this->once())
-            ->method('getBaseUrl')
-            ->with(['_type' => UrlInterface::URL_TYPE_MEDIA])
-            ->willReturn($baseUrl);
+        $this->urlEncoder->expects($this->once())
+            ->method('encode')
+            ->with($filePath)
+            ->willReturn($encodedFilePath);
 
-        $this->mediaDirectory->expects($this->once())
-            ->method('getRelativePath')
-            ->with(AddressMetadataInterface::ENTITY_TYPE_ADDRESS . '/' . $filePath)
-            ->willReturn($relativeUrl);
+        $this->urlBuilder->expects($this->once())
+            ->method('getUrl')
+            ->with('customer/address/viewfile', ['image' => $encodedFilePath])
+            ->willReturn($fileUrl);
 
         $model = $this->getModel(AddressMetadataInterface::ENTITY_TYPE_ADDRESS);
-        $this->assertEquals($baseUrl . $relativeUrl, $model->getViewUrl($filePath, 'image'));
+        $this->assertEquals($fileUrl, $model->getViewUrl($filePath, 'image'));
     }
 
     public function testRemoveUploadedFile()

pub/media/customer_address/.htaccess

@@ -0,0 +1,7 @@
+<IfVersion < 2.4>
+    order allow,deny
+    deny from all
+</IfVersion>
+<IfVersion >= 2.4>
+    Require all denied
+</IfVersion>