Merge remote-tracking branch 'origin/MC-17383' into 2.2-develop-pr104

Author: OlgaVasyltsun

app/code/Magento/AdminNotification/Model/Feed.php

@@ -25,6 +25,11 @@ class Feed extends \Magento\Framework\Model\AbstractModel
 
     const XML_LAST_UPDATE_PATH = 'system/adminnotification/last_update';
 
+    /**
+     * @var \Magento\Framework\Escaper
+     */
+    private $escaper;
+
     /**
      * Feed url
      *
@@ -77,6 +82,7 @@ class Feed extends \Magento\Framework\Model\AbstractModel
      * @param \Magento\Framework\Model\ResourceModel\AbstractResource $resource
      * @param \Magento\Framework\Data\Collection\AbstractDb $resourceCollection
      * @param array $data
+     * @param \Magento\Framework\Escaper|null $escaper
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
@@ -90,7 +96,8 @@ public function __construct(
         \Magento\Framework\UrlInterface $urlBuilder,
         \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
         \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
+        array $data = [],
+        \Magento\Framework\Escaper $escaper = null
     ) {
         parent::__construct($context, $registry, $resource, $resourceCollection, $data);
         $this->_backendConfig    = $backendConfig;
@@ -99,12 +106,16 @@ public function __construct(
         $this->_deploymentConfig = $deploymentConfig;
         $this->productMetadata   = $productMetadata;
         $this->urlBuilder        = $urlBuilder;
+        $this->escaper = $escaper ?? \Magento\Framework\App\ObjectManager::getInstance()->get(
+            \Magento\Framework\Escaper::class
+        );
     }
 
     /**
      * Init model
      *
      * @return void
+     * phpcs:disable Magento2.CodeAnalysis.EmptyBlock
      */
     protected function _construct()
     {
@@ -255,6 +266,6 @@ public function getFeedXml()
      */
     private function escapeString(\SimpleXMLElement $data)
     {
-        return htmlspecialchars((string)$data);
+        return $this->escaper->escapeHtml((string)$data);
     }
 }

app/code/Magento/AdminNotification/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-admin-notification",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-store": "100.2.*",
         "magento/module-backend": "100.2.*",
         "magento/module-media-storage": "100.2.*",

app/code/Magento/AdvancedPricingImportExport/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-advanced-pricing-import-export",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-catalog": "102.0.*",
         "magento/module-catalog-inventory": "100.2.*",
         "magento/module-eav": "101.0.*",

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/CollectionTimeLabelTest.php

@@ -40,6 +40,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->contextMock = $this->getMockBuilder(Context::class)
             ->setMethods(['getLocaleDate'])
             ->disableOriginalConstructor()

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/SubscriptionStatusLabelTest.php

@@ -54,6 +54,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->formMock = $this->getMockBuilder(Form::class)
             ->disableOriginalConstructor()
             ->getMock();

app/code/Magento/Analytics/Test/Unit/Block/Adminhtml/System/Config/VerticalTest.php

@@ -39,6 +39,15 @@ protected function setUp()
             ->setMethods(['getComment', 'getLabel', 'getHint', 'getHtmlId', 'getName'])
             ->disableOriginalConstructor()
             ->getMock();
+
+        $objectManager = new ObjectManager($this);
+        $escaper = $objectManager->getObject(\Magento\Framework\Escaper::class);
+        $objectManager->setBackwardCompatibleProperty(
+            $this->abstractElementMock,
+            '_escaper',
+            $escaper
+        );
+
         $this->contextMock = $this->getMockBuilder(Context::class)
             ->disableOriginalConstructor()
             ->getMock();

app/code/Magento/Analytics/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-analytics",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-backend": "100.2.*",
         "magento/module-config": "101.0.*",
         "magento/module-integration": "100.2.*",

app/code/Magento/Authorization/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-authorization",
     "description": "Authorization module provides access to Magento ACL functionality.",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-backend": "100.2.*",
         "magento/framework": "101.0.*"
     },

app/code/Magento/Authorizenet/composer.json

@@ -2,7 +2,7 @@
     "name": "magento/module-authorizenet",
     "description": "N/A",
     "require": {
-        "php": "~7.0.13|~7.1.0",
+        "php": "~7.0.13|~7.1.0|~7.2.0",
         "magento/module-sales": "101.0.*",
         "magento/module-store": "100.2.*",
         "magento/module-quote": "101.0.*",

app/code/Magento/Backend/Block/Menu.php

@@ -143,12 +143,15 @@ protected function _getAnchorLabel($menuItem)
 
     /**
      * Render menu item mouse events
+     *
      * @param \Magento\Backend\Model\Menu\Item $menuItem
      * @return string
      */
     protected function _renderMouseEvent($menuItem)
     {
-        return $menuItem->hasChildren() ? 'onmouseover="Element.addClassName(this,\'over\')" onmouseout="Element.removeClassName(this,\'over\')"' : '';
+        return $menuItem->hasChildren()
+            ? 'onmouseover="Element.addClassName(this,\'over\')" onmouseout="Element.removeClassName(this,\'over\')"'
+            : '';
     }
 
     /**
@@ -216,7 +219,7 @@ protected function _callbackSecretKey($match)
     {
         $routeId = $this->routeConfig->getRouteByFrontName($match[1]);
         return \Magento\Backend\Model\UrlInterface::SECRET_KEY_PARAM_NAME . '/' . $this->_url->getSecretKey(
-            $routeId,
+            $routeId ?: $match[1],
             $match[2],
             $match[3]
         );
@@ -399,7 +402,11 @@ public function renderNavigation($menu, $level = 0, $limit = 0, $colBrakes = [])
             $itemName = substr($menuId, strrpos($menuId, '::') + 2);
             $itemClass = str_replace('_', '-', strtolower($itemName));
 
-            if (count($colBrakes) && $colBrakes[$itemPosition]['colbrake'] && $itemPosition != 1) {
+            if (is_array($colBrakes)
+                && count($colBrakes)
+                && $colBrakes[$itemPosition]['colbrake']
+                && $itemPosition != 1
+            ) {
                 $output .= '</ul></li><li class="column"><ul role="menu">';
             }
 
@@ -413,7 +420,7 @@ public function renderNavigation($menu, $level = 0, $limit = 0, $colBrakes = [])
             $itemPosition++;
         }
 
-        if (count($colBrakes) && $limit) {
+        if (is_array($colBrakes) && count($colBrakes) && $limit) {
             $output = '<li class="column"><ul role="menu">' . $output . '</ul></li>';
         }