MAGETWO-97997: Improve pagecache block controller

Author: Joan He

app/code/Magento/PageCache/Controller/Block.php

@@ -10,6 +10,9 @@
 use Magento\Framework\Serialize\Serializer\Base64Json;
 use Magento\Framework\Serialize\Serializer\Json;
 
+/**
+ * Page cache block controller abstract class
+ */
 abstract class Block extends \Magento\Framework\App\Action\Action
 {
     /**
@@ -55,13 +58,12 @@ public function __construct(
     protected function _getBlocks()
     {
         $blocks = $this->getRequest()->getParam('blocks', '');
-        $handles = $this->getRequest()->getParam('handles', '');
+        $handles = $this->getHandles();
 
         if (!$handles || !$blocks) {
             return [];
         }
         $blocks = $this->jsonSerializer->unserialize($blocks);
-        $handles = $this->base64jsonSerializer->unserialize($handles);
 
         $this->_view->loadLayout($handles, true, true, false);
         $data = [];
@@ -76,4 +78,22 @@ protected function _getBlocks()
 
         return $data;
     }
+
+    /**
+     * Get handles
+     *
+     * @return array
+     */
+    private function getHandles(): array
+    {
+        $handles = $this->getRequest()->getParam('handles', '');
+        $handles = !$handles ? [] : $this->base64jsonSerializer->unserialize($handles);
+        $validHandles = [];
+        foreach ($handles as $handle) {
+            if (!preg_match('/[@\'\*\.\\\"]/i', $handle)) {
+                $validHandles[] = $handle;
+            }
+        }
+        return $validHandles;
+    }
 }

app/code/Magento/PageCache/Controller/Block/Render.php

@@ -6,6 +6,11 @@
  */
 namespace Magento\PageCache\Controller\Block;
 
+/**
+ * Page cache render controller
+ *
+ * @deprecated
+ */
 class Render extends \Magento\PageCache\Controller\Block
 {
     /**

app/code/Magento/PageCache/Test/Unit/Controller/Block/RenderTest.php

@@ -111,7 +111,7 @@ public function testExecuteNoParams()
     public function testExecute()
     {
         $blocks = ['block1', 'block2'];
-        $handles = ['handle1', 'handle2'];
+        $handles = ['handle1', 'handle2', "'handle'", '@hanle', '"hanle', '*hanle', '.hanle'];
         $originalRequest = '{"route":"route","controller":"controller","action":"action","uri":"uri"}';
         $expectedData = ['block1' => 'data1', 'block2' => 'data2'];
 
@@ -148,7 +148,7 @@ public function testExecute()
             ->method('getParam')
             ->with($this->equalTo('handles'), $this->equalTo(''))
             ->will($this->returnValue(base64_encode(json_encode($handles))));
-        $this->viewMock->expects($this->once())->method('loadLayout')->with($this->equalTo($handles));
+        $this->viewMock->expects($this->once())->method('loadLayout')->with($this->equalTo(['handle1', 'handle2']));
         $this->viewMock->expects($this->any())->method('getLayout')->will($this->returnValue($this->layoutMock));
         $this->layoutMock->expects($this->at(0))
             ->method('getBlock')