Merge pull request #2753 from magento-qwerty/2.2.6-bugfixes-210618

Fixed issues:
- MAGETWO-88592: [Backport for 2.2.x] Deleting Stores
- MAGETWO-81470: [Backport for 2.2.x] Cached Config is Different From DB
- MAGETWO-92200: Some Underscore templates are broken
- MAGETWO-88655: [Backport for 2.2.x] Sales Rule Widget Label

Author: dvoskoboinikov

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteGroupPost.php

@@ -7,19 +7,28 @@
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\App\Request\Http as HttpRequest;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteGroupPost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
 
+        $itemId = $request->getParam('item_id');
         if (!($model = $this->_objectManager->create(\Magento\Store\Model\Group::class)->load($itemId))) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteStorePost.php

@@ -6,21 +6,31 @@
  */
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
+use Magento\Framework\App\Request\Http as HttpRequest;
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteStorePost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * Delete store view post action
      *
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
+
+        $itemId = $request->getParam('item_id');
         if (!($model = $this->_objectManager->create(\Magento\Store\Model\Store::class)->load($itemId))) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Backend/Controller/Adminhtml/System/Store/DeleteWebsitePost.php

@@ -7,21 +7,30 @@
 namespace Magento\Backend\Controller\Adminhtml\System\Store;
 
 use Magento\Framework\Controller\ResultFactory;
+use Magento\Framework\App\Request\Http as HttpRequest;
+use Magento\Framework\Exception\NotFoundException;
 
 class DeleteWebsitePost extends \Magento\Backend\Controller\Adminhtml\System\Store
 {
     /**
      * @return \Magento\Backend\Model\View\Result\Redirect
+     * @throws NotFoundException
      */
     public function execute()
     {
-        $itemId = $this->getRequest()->getParam('item_id');
-        $model = $this->_objectManager->create(\Magento\Store\Model\Website::class);
-        $model->load($itemId);
-
+        /** @var HttpRequest $request */
+        $request = $this->getRequest();
         /** @var \Magento\Backend\Model\View\Result\Redirect $redirectResult */
-        $redirectResult = $this->resultFactory->create(ResultFactory::TYPE_REDIRECT);
+        $redirectResult = $this->resultFactory->create(
+            ResultFactory::TYPE_REDIRECT
+        );
+        if (!$request->isPost()) {
+            throw new NotFoundException(__('Page not found.'));
+        }
 
+        $itemId = $request->getParam('item_id');
+        $model = $this->_objectManager->create(\Magento\Store\Model\Website::class);
+        $model->load($itemId);
         if (!$model) {
             $this->messageManager->addError(__('Something went wrong. Please try again.'));
             return $redirectResult->setPath('adminhtml/*/');

app/code/Magento/Backend/view/adminhtml/templates/system/search.phtml

@@ -39,7 +39,7 @@
             <% if (data.items.length) { %>
             <% _.each(data.items, function(value){ %>
             <li class="item"
-                <%- data.optionData(value) %>
+                <%= data.optionData(value) %>
                 >
                 <a href="<%- value.url %>" class="title"><%- value.name %></a>
                 <span class="type"><%- value.type %></span>

app/code/Magento/Catalog/view/adminhtml/templates/catalog/product/edit/attribute_set.phtml

@@ -14,7 +14,7 @@
 <% } %>
 <ul data-mage-init='{"menu":[]}'>
     <% _.each(data.items, function(value) { %>
-    <li <%- data.optionData(value) %>><a href="#"><%- value.label %></a></li>
+    <li <%= data.optionData(value) %>><a href="#"><%- value.label %></a></li>
     <% }); %>
 </ul>
 <% if (!data.term && data.items.length && !data.allShown()) { %>

app/code/Magento/Config/App/Config/Type/System.php

@@ -8,6 +8,8 @@
 use Magento\Framework\App\Config\ConfigTypeInterface;
 use Magento\Framework\App\ObjectManager;
 use Magento\Config\App\Config\Type\System\Reader;
+use Magento\Framework\Serialize\Serializer\Sensitive as SensitiveSerializer;
+use Magento\Framework\Serialize\Serializer\SensitiveFactory as SensitiveSerializerFactory;
 
 /**
  * System configuration type
@@ -56,7 +58,7 @@ class System implements ConfigTypeInterface
     private $fallback;
 
     /**
-     * @var \Magento\Framework\Serialize\SerializerInterface
+     * @var SensitiveSerializer
      */
     private $serializer;
 
@@ -91,6 +93,9 @@ class System implements ConfigTypeInterface
      * @param int $cachingNestedLevel
      * @param string $configType
      * @param Reader $reader
+     * @param SensitiveSerializerFactory|null $sensitiveFactory
+     *
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
         \Magento\Framework\App\Config\ConfigSourceInterface $source,
@@ -101,17 +106,25 @@ public function __construct(
         \Magento\Framework\App\Config\Spi\PreProcessorInterface $preProcessor,
         $cachingNestedLevel = 1,
         $configType = self::CONFIG_TYPE,
-        Reader $reader = null
+        Reader $reader = null,
+        SensitiveSerializerFactory $sensitiveFactory = null
     ) {
         $this->source = $source;
         $this->postProcessor = $postProcessor;
         $this->preProcessor = $preProcessor;
         $this->cache = $cache;
         $this->cachingNestedLevel = $cachingNestedLevel;
         $this->fallback = $fallback;
-        $this->serializer = $serializer;
         $this->configType = $configType;
-        $this->reader = $reader ?: ObjectManager::getInstance()->get(Reader::class);
+        $this->reader = $reader ?: ObjectManager::getInstance()
+            ->get(Reader::class);
+        $sensitiveFactory = $sensitiveFactory ?? ObjectManager::getInstance()
+                ->get(SensitiveSerializerFactory::class);
+        //Using sensitive serializer because any kind of information may
+        //be stored in configs.
+        $this->serializer = $sensitiveFactory->create(
+            ['serializer' => $serializer]
+        );
     }
 
     /**

app/code/Magento/Config/Test/Unit/App/Config/Type/SystemTest.php

@@ -11,6 +11,8 @@
 use Magento\Framework\App\Config\Spi\PostProcessorInterface;
 use Magento\Framework\App\Config\Spi\PreProcessorInterface;
 use Magento\Framework\Cache\FrontendInterface;
+use Magento\Framework\Serialize\Serializer\Sensitive;
+use Magento\Framework\Serialize\Serializer\SensitiveFactory;
 use Magento\Framework\Serialize\SerializerInterface;
 use Magento\Store\Model\Config\Processor\Fallback;
 use Magento\Config\App\Config\Type\System\Reader;
@@ -74,22 +76,34 @@ public function setUp()
             ->getMockForAbstractClass();
         $this->preProcessor = $this->getMockBuilder(PreProcessorInterface::class)
             ->getMockForAbstractClass();
-        $this->serializer = $this->getMockBuilder(SerializerInterface::class)
+        $this->serializer = $this->getMockBuilder(Sensitive::class)
+            ->disableOriginalConstructor()
             ->getMock();
         $this->reader = $this->getMockBuilder(Reader::class)
             ->disableOriginalConstructor()
             ->getMock();
+        $sensitiveFactory = $this->getMockBuilder(SensitiveFactory::class)
+            ->disableOriginalConstructor()
+            ->getMock();
+        $sensitiveFactory->expects($this->any())
+            ->method('create')
+            ->willReturn($this->serializer);
+        /** @var SerializerInterface|\PHPUnit_Framework_MockObject_MockObject $serializerMock */
+        $serializerMock = $this->getMockBuilder(SerializerInterface::class)
+            ->disableOriginalConstructor()
+            ->getMock();
 
         $this->configType = new System(
             $this->source,
             $this->postProcessor,
             $this->fallback,
             $this->cache,
-            $this->serializer,
+            $serializerMock,
             $this->preProcessor,
             1,
             'system',
-            $this->reader
+            $this->reader,
+            $sensitiveFactory
         );
     }
 
@@ -133,49 +147,4 @@ public function testGetCachedWithLoadAllData()
             ->willReturn($data);
         $this->assertEquals($data, $this->configType->get(''));
     }
-
-    public function testGetNotCached()
-    {
-        $path = 'stores/default/dev/unsecure/url';
-        $url = 'http://magento.test/';
-
-        $dataToCache = [
-            'unsecure' => [
-                'url' => $url
-            ]
-        ];
-        $data = [
-            'default' => [],
-            'websites' => [],
-            'stores' => [
-                'default' => [
-                    'dev' => [
-                        'unsecure' => [
-                            'url' => $url
-                        ]
-                    ]
-                ]
-            ]
-        ];
-        $this->cache->expects($this->any())
-            ->method('load')
-            ->willReturnOnConsecutiveCalls(false, false);
-
-        $this->serializer->expects($this->atLeastOnce())
-            ->method('serialize')
-            ->willReturn(serialize($dataToCache));
-        $this->cache->expects($this->atLeastOnce())
-            ->method('save')
-            ->willReturnSelf();
-        $this->reader->expects($this->once())
-            ->method('read')
-            ->willReturn($data);
-        $this->postProcessor->expects($this->once())
-            ->method('process')
-            ->with($data)
-            ->willReturn($data);
-
-        $this->assertEquals($url, $this->configType->get($path));
-        $this->assertEquals($url, $this->configType->get($path));
-    }
 }

app/code/Magento/SalesRule/Block/Adminhtml/Promo/Widget/Chooser.php

@@ -87,7 +87,7 @@ public function prepareElementHtml(\Magento\Framework\Data\Form\Element\Abstract
         if ($element->getValue()) {
             $rule = $this->ruleFactory->create()->load((int)$element->getValue());
             if ($rule->getId()) {
-                $chooser->setLabel($rule->getName());
+                $chooser->setLabel($this->escapeHtml($rule->getName()));
             }
         }
 

lib/internal/Magento/Framework/Serialize/Serializer/Sensitive.php

@@ -0,0 +1,63 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Framework\Serialize\Serializer;
+
+use Magento\Framework\Encryption\EncryptorInterface;
+use Magento\Framework\Serialize\SerializerInterface;
+
+/**
+ * Used to serialize sensitive data.
+ */
+class Sensitive implements SerializerInterface
+{
+    /**
+     * @var EncryptorInterface
+     */
+    private $encryptor;
+
+    /**
+     * @var SerializerInterface
+     */
+    private $serializer;
+
+    /**
+     * @param EncryptorInterface $encryptor
+     * @param SerializerInterface $serializer
+     */
+    public function __construct(
+        EncryptorInterface $encryptor,
+        SerializerInterface $serializer
+    ) {
+        $this->encryptor = $encryptor;
+        $this->serializer = $serializer;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function serialize($data)
+    {
+        $serialized = $this->serializer->serialize($data);
+        if (is_string($serialized)) {
+            $serialized = $this->encryptor->encrypt($serialized);
+        }
+
+        return $serialized;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    public function unserialize($string)
+    {
+        $string = $this->encryptor->decrypt($string);
+
+        return $this->serializer->unserialize($string);
+    }
+}