Merge branch '2.0-develop' into MAGETWO-59676

Author: Oleksii Korshenko

app/bootstrap.php

@@ -35,6 +35,17 @@
 $mask = file_exists($umaskFile) ? octdec(file_get_contents($umaskFile)) : 002;
 umask($mask);
 
+if (empty($_SERVER['ENABLE_IIS_REWRITES']) || ($_SERVER['ENABLE_IIS_REWRITES'] != 1)) {
+    /*
+     * Unset headers used by IIS URL rewrites.
+     */
+    unset($_SERVER['HTTP_X_REWRITE_URL']);
+    unset($_SERVER['HTTP_X_ORIGINAL_URL']);
+    unset($_SERVER['IIS_WasUrlRewritten']);
+    unset($_SERVER['UNENCODED_URL']);
+    unset($_SERVER['ORIG_PATH_INFO']);
+}
+
 if (!empty($_SERVER['MAGE_PROFILER'])
     && isset($_SERVER['HTTP_ACCEPT'])
     && strpos($_SERVER['HTTP_ACCEPT'], 'text/html') !== false

app/code/Magento/Backend/Controller/Adminhtml/System/Account/Save.php

@@ -52,12 +52,19 @@ public function execute()
                 $user->setPassword($password);
                 $user->setPasswordConfirmation($passwordConfirmation);
             }
-            $user->save();
-            /** Send password reset email notification only when password was changed */
-            if ($password !== '') {
-                $user->sendPasswordResetNotificationEmail();
+            $errors = $user->validate();
+            if ($errors !== true && !empty($errors)) {
+                foreach ($errors as $error) {
+                    $this->messageManager->addError($error);
+                }
+            } else {
+                $user->save();
+                /** Send password reset email notification only when password was changed */
+                if ($password !== '') {
+                    $user->sendPasswordResetNotificationEmail();
+                }
+                $this->messageManager->addSuccess(__('You saved the account.'));
             }
-            $this->messageManager->addSuccess(__('You saved the account.'));
         } catch (ValidatorException $e) {
             $this->messageManager->addMessages($e->getMessages());
             if ($e->getMessage()) {

app/code/Magento/Backend/Test/Unit/Controller/Adminhtml/System/Account/SaveTest.php

@@ -76,7 +76,10 @@ protected function setUp()
         $this->_userMock = $this->getMockBuilder('Magento\User\Model\User')
             ->disableOriginalConstructor()
             ->setMethods(
-                ['load', 'save', 'sendPasswordResetNotificationEmail', 'verifyIdentity', '__sleep', '__wakeup']
+                [
+                    'load', 'save', 'sendPasswordResetNotificationEmail',
+                    'verifyIdentity', 'validate', '__sleep', '__wakeup'
+                ]
             )
             ->getMock();
 
@@ -193,6 +196,7 @@ public function testSaveAction()
 
         $this->_userMock->expects($this->once())->method('save');
         $this->_userMock->expects($this->once())->method('verifyIdentity')->will($this->returnValue(true));
+        $this->_userMock->expects($this->once())->method('validate')->willReturn(true);
         $this->_userMock->expects($this->once())->method('sendPasswordResetNotificationEmail');
 
         $this->_requestMock->setParams($requestParams);

app/code/Magento/Backend/composer.json

@@ -21,7 +21,7 @@
         "magento/framework": "100.0.*"
     },
     "type": "magento2-module",
-    "version": "100.0.7",
+    "version": "100.0.8",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Braintree/composer.json

@@ -22,7 +22,7 @@
         "magento/module-checkout-agreements": "100.0.*"
     },
     "type": "magento2-module",
-    "version": "100.0.6",
+    "version": "100.0.7",
     "license": [
         "proprietary"
     ],

app/code/Magento/Catalog/Controller/Adminhtml/Product/Action/Attribute/Save.php

@@ -132,7 +132,7 @@ public function execute()
                         $attributesData[$attributeCode] = $value;
                     } elseif ($attribute->getFrontendInput() == 'multiselect') {
                         // Check if 'Change' checkbox has been checked by admin for this attribute
-                        $isChanged = (bool)$this->getRequest()->getPost($attributeCode . '_checkbox');
+                        $isChanged = (bool)$this->getRequest()->getPost('toggle_' . $attributeCode);
                         if (!$isChanged) {
                             unset($attributesData[$attributeCode]);
                             continue;

app/code/Magento/Catalog/Controller/Adminhtml/Product/Save.php

@@ -73,7 +73,6 @@ public function execute()
         $productTypeId = $this->getRequest()->getParam('type');
         if ($data) {
             try {
-                $data = $this->unserializeData($data);
                 $product = $this->initializationHelper->initialize($this->productBuilder->build($this->getRequest()));
                 $this->productTypeManager->processProduct($product);
 
@@ -158,29 +157,6 @@ public function execute()
         return $resultRedirect;
     }
 
-    /**
-     * @param array $data
-     * @return array
-     */
-    private function unserializeData($data)
-    {
-        if (isset($data["configurable-matrix-serialized"])) {
-            $configurableMatrixSerialized = $data["configurable-matrix-serialized"];
-            if ($configurableMatrixSerialized != null && !empty($configurableMatrixSerialized)) {
-                $data["variations-matrix"] = json_decode($configurableMatrixSerialized, true);
-                unset($data["configurable-matrix-serialized"]);
-            }
-        }
-        if (isset($data["associated_product_ids_serialized"])) {
-            $associatedProductIdsSerialized = $data["associated_product_ids_serialized"];
-            if ($associatedProductIdsSerialized != null && !empty($associatedProductIdsSerialized)) {
-                $data["associated_product_ids"] = json_decode($associatedProductIdsSerialized, true);
-                unset($data["associated_product_ids_serialized"]);
-            }
-        }
-        return $data;
-    }
-
     /**
      * Notify customer when image was not deleted in specific case.
      * TODO: temporary workaround must be eliminated in MAGETWO-45306

app/code/Magento/Catalog/composer.json

@@ -34,7 +34,7 @@
         "magento/module-catalog-sample-data": "Sample Data version:100.0.*"
     },
     "type": "magento2-module",
-    "version": "100.0.9",
+    "version": "100.0.10",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Checkout/Controller/Sidebar/RemoveItem.php

@@ -13,7 +13,13 @@
 use Magento\Framework\Json\Helper\Data;
 use Magento\Framework\View\Result\PageFactory;
 use Psr\Log\LoggerInterface;
+use Magento\Framework\Data\Form\FormKey\Validator;
+use Magento\Framework\App\ObjectManager;
 
+/**
+ * Class RemoveItem
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class RemoveItem extends Action
 {
     /**
@@ -36,6 +42,11 @@ class RemoveItem extends Action
      */
     protected $resultPageFactory;
 
+    /**
+     * @var Validator
+     */
+    private $formKeyValidator;
+
     /**
      * @param Context $context
      * @param Sidebar $sidebar
@@ -59,12 +70,17 @@ public function __construct(
     }
 
     /**
+     * Executes the main action of the controller
+     *
      * @return $this
      */
     public function execute()
     {
         $itemId = (int)$this->getRequest()->getParam('item_id');
         try {
+            if (!$this->getFormKeyValidator()->validate($this->getRequest())) {
+                throw new LocalizedException(__('We can\'t remove the item.'));
+            }
             $this->sidebar->checkQuoteItem($itemId);
             $this->sidebar->removeQuoteItem($itemId);
             return $this->jsonResponse();
@@ -90,4 +106,18 @@ protected function jsonResponse($error = '')
             $this->jsonHelper->jsonEncode($response)
         );
     }
+
+    /**
+     * Getter for FormKeyValidator
+     *
+     * @deprecated
+     * @return Validator
+     */
+    private function getFormKeyValidator()
+    {
+        if ($this->formKeyValidator === null) {
+            $this->formKeyValidator = ObjectManager::getInstance()->get(Validator::class);
+        }
+        return $this->formKeyValidator;
+    }
 }

app/code/Magento/Checkout/Controller/Sidebar/UpdateItemQty.php

@@ -12,7 +12,13 @@
 use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Json\Helper\Data;
 use Psr\Log\LoggerInterface;
+use Magento\Framework\Data\Form\FormKey\Validator;
+use \Magento\Framework\App\ObjectManager;
 
+/**
+ * Class UpdateItemQty
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class UpdateItemQty extends Action
 {
     /**
@@ -30,6 +36,11 @@ class UpdateItemQty extends Action
      */
     protected $jsonHelper;
 
+    /**
+     * @var Validator
+     */
+    private $formKeyValidator;
+
     /**
      * @param Context $context
      * @param Sidebar $sidebar
@@ -50,6 +61,8 @@ public function __construct(
     }
 
     /**
+     * Executes the main action of the controller
+     *
      * @return $this
      */
     public function execute()
@@ -58,6 +71,9 @@ public function execute()
         $itemQty = (int)$this->getRequest()->getParam('item_qty');
 
         try {
+            if (!$this->getFormKeyValidator()->validate($this->getRequest())) {
+                throw new LocalizedException(__('We can\'t update the shopping cart.'));
+            }
             $this->sidebar->checkQuoteItem($itemId);
             $this->sidebar->updateQuoteItem($itemId, $itemQty);
             return $this->jsonResponse();
@@ -81,4 +97,18 @@ protected function jsonResponse($error = '')
             $this->jsonHelper->jsonEncode($this->sidebar->getResponseData($error))
         );
     }
+
+    /**
+     * Getter for FormKeyValidator
+     *
+     * @deprecated
+     * @return Validator
+     */
+    private function getFormKeyValidator()
+    {
+        if ($this->formKeyValidator === null) {
+            $this->formKeyValidator = ObjectManager::getInstance()->get(Validator::class);
+        }
+        return $this->formKeyValidator;
+    }
 }