Merge branch 2.3-develop into ENGCOM-5159-magento-magento2-21831

Author: magento-engcom-team

SECURITY.md

@@ -0,0 +1,10 @@
+# Reporting Security Issues
+
+Magento values the contributions of the security research community, and we look forward to working with you to minimize risk to Magento merchants. 
+
+## Where should I report security issues?
+
+We strongly encourage you to report all security issues privately via our [bug bounty program](https://hackerone.com/magento).  Please provide us with relevant technical details and repro steps to expedite our investigation.  If you prefer not to use HackerOne, email us directly at `psirt@adobe.com` with details and repro steps.  
+
+## Learning More About Security
+To learn more about securing a Magento store, please visit the [Security Center](https://magento.com/security).

app/code/Magento/AdminNotification/view/adminhtml/templates/system/messages/popup.phtml

@@ -27,4 +27,4 @@
             }
         }
     }
-</script>
+</script>

app/code/Magento/AdvancedSearch/view/adminhtml/templates/system/config/testconnection.phtml

@@ -6,10 +6,10 @@
 // @codingStandardsIgnoreFile
 ?>
 <button class="scalable" type="button" id="<?= $block->getHtmlId() ?>" data-mage-init='{"testConnection":{
-    "url": "<?= /* @escapeNotVerified */ $block->getAjaxUrl() ?>",
+    "url": "<?= $block->escapeUrl($block->getAjaxUrl()) ?>",
     "elementId": "<?= $block->getHtmlId() ?>",
-    "successText": "<?= /* @escapeNotVerified */ __('Successful! Test again?') ?>",
-    "failedText": "<?= /* @escapeNotVerified */ __('Connection failed! Test again?') ?>",
-    "fieldMapping": "<?= /* @escapeNotVerified */ $block->getFieldMapping() ?>"}, "validation": {}}'>
+    "successText": "<?= $block->escapeHtmlAttr(__('Successful! Test again?')) ?>",
+    "failedText": "<?= $block->escapeHtmlAttr(__('Connection failed! Test again?')) ?>",
+    "fieldMapping": "<?= /* @noEscape */ $block->getFieldMapping() ?>"}, "validation": {}}'>
     <span><span><span id="<?= $block->getHtmlId() ?>_result"><?= $block->escapeHtml($block->getButtonLabel()) ?></span></span></span>
 </button>

app/code/Magento/AdvancedSearch/view/frontend/templates/search_data.phtml

@@ -13,13 +13,13 @@
 $data = $block->getItems();
 if (count($data)):?>
     <dl class="block">
-        <dt class="title"><?= /* @escapeNotVerified */ __($block->getTitle()) ?></dt>
+        <dt class="title"><?= $block->escapeHtml(__($block->getTitle())) ?></dt>
         <?php foreach ($data as $additionalInfo) : ?>
             <dd class="item">
-                <a href="<?= /* @escapeNotVerified */ $block->getLink($additionalInfo->getQueryText()) ?>"
+                <a href="<?= $block->escapeUrl($block->getLink($additionalInfo->getQueryText())) ?>"
                     ><?= $block->escapeHtml($additionalInfo->getQueryText()) ?></a>
                 <?php if ($block->isShowResultsCount()): ?>
-                    <span class="count"><?= /* @escapeNotVerified */ $additionalInfo->getResultsCount() ?></span>
+                    <span class="count"><?= /* @noEscape */ (int)$additionalInfo->getResultsCount() ?></span>
                 <?php endif; ?>
             </dd>
         <?php endforeach; ?>

app/code/Magento/AuthorizenetGraphQl/Model/AuthorizenetDataProvider.php

@@ -0,0 +1,62 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\AuthorizenetGraphQl\Model;
+
+use Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderInterface;
+use Magento\Framework\Stdlib\ArrayManager;
+use Magento\Framework\GraphQL\DataObjectConverter;
+
+/**
+ * DataProvider Model for Authorizenet
+ */
+class AuthorizenetDataProvider implements AdditionalDataProviderInterface
+{
+    private const PATH_ADDITIONAL_DATA = 'input/payment_method/additional_data/authorizenet_acceptjs';
+
+    /**
+     * @var ArrayManager
+     */
+    private $arrayManager;
+
+    /**
+     * AuthorizenetDataProvider constructor.
+     * @param ArrayManager $arrayManager
+     */
+    public function __construct(
+        ArrayManager $arrayManager
+    ) {
+        $this->arrayManager = $arrayManager;
+    }
+
+    /**
+     * Return additional data
+     *
+     * @param array $args
+     * @return array
+     */
+    public function getData(array $args): array
+    {
+        $additionalData = $this->arrayManager->get(static::PATH_ADDITIONAL_DATA, $args) ?? [];
+        foreach ($additionalData as $key => $value) {
+            $additionalData[$this->snakeCaseToCamelCase($key)] = $value;
+            unset($additionalData[$key]);
+        }
+        return $additionalData;
+    }
+
+    /**
+     * Converts an input string from snake_case to camelCase.
+     *
+     * @param string $input
+     * @return string
+     */
+    private function snakeCaseToCamelCase($input)
+    {
+        return lcfirst(str_replace('_', '', ucwords($input, '_')));
+    }
+}

app/code/Magento/AuthorizenetGraphQl/README.md

@@ -0,0 +1,3 @@
+# AuthorizenetGraphQl
+
+ **AuthorizenetGraphQl** defines the data types needed to pass payment information data from the client to Magento.

app/code/Magento/AuthorizenetGraphQl/composer.json

@@ -0,0 +1,25 @@
+{
+    "name": "magento/module-authorizenet-graph-ql",
+    "description": "N/A",
+    "type": "magento2-module",
+    "require": {
+        "php": "~7.1.3||~7.2.0",
+        "magento/framework": "*",
+        "magento/module-quote-graph-ql": "*"
+    },
+    "suggest": {
+        "magento/module-graph-ql": "*"
+    },
+    "license": [
+        "OSL-3.0",
+        "AFL-3.0"
+    ],
+    "autoload": {
+        "files": [
+            "registration.php"
+        ],
+        "psr-4": {
+            "Magento\\AuthorizenetGraphQl\\": ""
+        }
+    }
+}

app/code/Magento/AuthorizenetGraphQl/etc/graphql/di.xml

@@ -0,0 +1,16 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:ObjectManager/etc/config.xsd">
+    <type name="Magento\QuoteGraphQl\Model\Cart\Payment\AdditionalDataProviderPool">
+        <arguments>
+            <argument name="dataProviders" xsi:type="array">
+                <item name="authorizenet_acceptjs" xsi:type="object">Magento\AuthorizenetGraphQl\Model\AuthorizenetDataProvider</item>
+            </argument>
+        </arguments>
+    </type>
+</config>

app/code/Magento/AuthorizenetGraphQl/etc/module.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<!--
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+-->
+<config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
+    <module name="Magento_AuthorizenetGraphQl"/>
+</config>

app/code/Magento/AuthorizenetGraphQl/etc/schema.graphqls

@@ -0,0 +1,12 @@
+# Copyright © Magento, Inc. All rights reserved.
+# See COPYING.txt for license details.
+
+input PaymentMethodAdditionalDataInput {
+    authorizenet_acceptjs: AuthorizenetInput @doc(description: "Defines the required attributes for Authorize.Net payments")
+}
+
+input AuthorizenetInput {
+    opaque_data_descriptor: String! @doc(description: "Authorize.Net's description of the transaction request")
+    opaque_data_value: String! @doc(description: "The nonce returned by Authorize.Net")
+    cc_last_4: Int! @doc(description: "The last four digits of the credit or debit card")
+}