Merge remote-tracking branch 'origin/MC-17320' into borg-security-2.2

Author: nathanjosiah

app/code/Magento/Cms/Controller/Adminhtml/Page/InlineEdit.php

@@ -56,6 +56,8 @@ public function __construct(
     }
 
     /**
+     * Process the request
+     *
      * @return \Magento\Framework\Controller\ResultInterface
      * @throws \Magento\Framework\Exception\LocalizedException
      */
@@ -68,10 +70,12 @@ public function execute()
 
         $postItems = $this->getRequest()->getParam('items', []);
         if (!($this->getRequest()->getParam('isAjax') && count($postItems))) {
-            return $resultJson->setData([
-                'messages' => [__('Please correct the data sent.')],
-                'error' => true,
-            ]);
+            return $resultJson->setData(
+                [
+                    'messages' => [__('Please correct the data sent.')],
+                    'error' => true,
+                ]
+            );
         }
 
         foreach (array_keys($postItems) as $pageId) {
@@ -98,10 +102,12 @@ public function execute()
             }
         }
 
-        return $resultJson->setData([
-            'messages' => $messages,
-            'error' => $error
-        ]);
+        return $resultJson->setData(
+            [
+                'messages' => $messages,
+                'error' => $error
+            ]
+        );
     }
 
     /**
@@ -131,7 +137,7 @@ protected function filterPost($postData = [])
      */
     protected function validatePost(array $pageData, \Magento\Cms\Model\Page $page, &$error, array &$messages)
     {
-        if (!($this->dataProcessor->validate($pageData) && $this->dataProcessor->validateRequireEntry($pageData))) {
+        if (!$this->dataProcessor->validateRequireEntry($pageData)) {
             $error = true;
             foreach ($this->messageManager->getMessages(true)->getItems() as $error) {
                 $messages[] = $this->getErrorWithPageId($page, $error->getText());

app/code/Magento/Cms/Controller/Adminhtml/Page/PostDataProcessor.php

@@ -12,8 +12,7 @@
 use Magento\Framework\Config\Dom\ValidationSchemaException;
 
 /**
- * Class PostDataProcessor
- * @package Magento\Cms\Controller\Adminhtml\Page
+ * Processes form data
  */
 class PostDataProcessor
 {
@@ -80,6 +79,7 @@ public function filter($data)
      *
      * @param array $data
      * @return bool     Return FALSE if some item is invalid
+     * @deprecated
      */
     public function validate($data)
     {

app/code/Magento/Cms/Controller/Adminhtml/Page/Save.php

@@ -104,10 +104,6 @@ public function execute()
                 ['page' => $model, 'request' => $this->getRequest()]
             );
 
-            if (!$this->dataProcessor->validate($data)) {
-                return $resultRedirect->setPath('*/*/edit', ['page_id' => $model->getId(), '_current' => true]);
-            }
-
             try {
                 $this->pageRepository->save($model);
                 $this->messageManager->addSuccessMessage(__('You saved the page.'));

app/code/Magento/Cms/Model/PageRepository/ValidationComposite.php

@@ -0,0 +1,92 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Cms\Model\PageRepository;
+
+use Magento\Cms\Api\Data\PageInterface;
+use Magento\Cms\Api\PageRepositoryInterface;
+use Magento\Framework\Api\SearchCriteriaInterface;
+
+/**
+ * Validates and saves a page
+ */
+class ValidationComposite implements PageRepositoryInterface
+{
+    /**
+     * @var PageRepositoryInterface
+     */
+    private $repository;
+
+    /**
+     * @var array
+     */
+    private $validators;
+
+    /**
+     * @param PageRepositoryInterface $repository
+     * @param ValidatorInterface[] $validators
+     */
+    public function __construct(
+        PageRepositoryInterface $repository,
+        array $validators = []
+    ) {
+        foreach ($validators as $validator) {
+            if (!$validator instanceof ValidatorInterface) {
+                throw new \InvalidArgumentException(
+                    sprintf('Supplied validator does not implement %s', ValidatorInterface::class)
+                );
+            }
+        }
+        $this->repository = $repository;
+        $this->validators = $validators;
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function save(PageInterface $page)
+    {
+        foreach ($this->validators as $validator) {
+            $validator->validate($page);
+        }
+
+        return $this->repository->save($page);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getById($pageId)
+    {
+        return $this->repository->getById($pageId);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function getList(SearchCriteriaInterface $searchCriteria)
+    {
+        return $this->repository->getList($searchCriteria);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function delete(PageInterface $page)
+    {
+        return $this->repository->delete($page);
+    }
+
+    /**
+     * @inheritdoc
+     */
+    public function deleteById($pageId)
+    {
+        return $this->repository->deleteById($pageId);
+    }
+}

app/code/Magento/Cms/Model/PageRepository/Validator/LayoutUpdateValidator.php

@@ -0,0 +1,132 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Cms\Model\PageRepository\Validator;
+
+use Magento\Cms\Api\Data\PageInterface;
+use Magento\Cms\Model\PageRepository\ValidatorInterface;
+use Magento\Framework\Config\Dom\ValidationException;
+use Magento\Framework\Config\Dom\ValidationSchemaException;
+use Magento\Framework\Config\ValidationStateInterface;
+use Magento\Framework\Exception\LocalizedException;
+use Magento\Framework\View\Model\Layout\Update\Validator;
+use Magento\Framework\View\Model\Layout\Update\ValidatorFactory;
+
+/**
+ * Validate a given page
+ */
+class LayoutUpdateValidator implements ValidatorInterface
+{
+    /**
+     * @var ValidatorFactory
+     */
+    private $validatorFactory;
+
+    /**
+     * @var ValidationStateInterface
+     */
+    private $validationState;
+
+    /**
+     * @param ValidatorFactory $validatorFactory
+     * @param ValidationStateInterface $validationState
+     */
+    public function __construct(
+        ValidatorFactory $validatorFactory,
+        ValidationStateInterface $validationState
+    ) {
+        $this->validatorFactory = $validatorFactory;
+        $this->validationState = $validationState;
+    }
+
+    /**
+     * Validate the data before saving
+     *
+     * @param PageInterface $page
+     * @throws LocalizedException
+     */
+    public function validate(PageInterface $page)
+    {
+        $this->validateRequiredFields($page);
+        $this->validateLayoutUpdate($page);
+        $this->validateCustomLayoutUpdate($page);
+    }
+
+    /**
+     * Validate required fields
+     *
+     * @param PageInterface $page
+     * @throws LocalizedException
+     */
+    private function validateRequiredFields(PageInterface $page)
+    {
+        if (empty($page->getTitle())) {
+            throw new LocalizedException(__('Required field "%1" is empty.', 'title'));
+        }
+    }
+
+    /**
+     * Validate layout update
+     *
+     * @param PageInterface $page
+     * @throws LocalizedException
+     */
+    private function validateLayoutUpdate(PageInterface $page)
+    {
+        $layoutXmlValidator = $this->getLayoutValidator();
+
+        try {
+            if (!empty($page->getLayoutUpdateXml())
+                && !$layoutXmlValidator->isValid($page->getLayoutUpdateXml())
+            ) {
+                throw new LocalizedException(__('Layout update is invalid'));
+            }
+        } catch (ValidationException $e) {
+            throw new LocalizedException(__('Layout update is invalid'));
+        } catch (ValidationSchemaException $e) {
+            throw new LocalizedException(__('Layout update is invalid'));
+        }
+    }
+
+    /**
+     * Validate custom layout update
+     *
+     * @param PageInterface $page
+     * @throws LocalizedException
+     */
+    private function validateCustomLayoutUpdate(PageInterface $page)
+    {
+        $layoutXmlValidator = $this->getLayoutValidator();
+
+        try {
+            if (!empty($page->getCustomLayoutUpdateXml())
+                && !$layoutXmlValidator->isValid($page->getCustomLayoutUpdateXml())
+            ) {
+                throw new LocalizedException(__('Custom layout update is invalid'));
+            }
+        } catch (ValidationException $e) {
+            throw new LocalizedException(__('Custom layout update is invalid'));
+        } catch (ValidationSchemaException $e) {
+            throw new LocalizedException(__('Custom layout update is invalid'));
+        }
+    }
+
+    /**
+     * Return a new validator
+     *
+     * @return Validator
+     */
+    private function getLayoutValidator(): Validator
+    {
+        return $this->validatorFactory->create(
+            [
+                'validationState' => $this->validationState,
+            ]
+        );
+    }
+}

app/code/Magento/Cms/Model/PageRepository/ValidatorInterface.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Cms\Model\PageRepository;
+
+use Magento\Cms\Api\Data\PageInterface;
+use Magento\Framework\Exception\LocalizedException;
+
+/**
+ * Validate a page repository
+ */
+interface ValidatorInterface
+{
+    /**
+     * Assert the given page valid
+     *
+     * @param PageInterface $page
+     * @return void
+     * @throws LocalizedException
+     */
+    public function validate(PageInterface $page);
+}