Merge remote-tracking branch 'origin/MC-40901' into 2.4.3-develop-pr124

Author: zakdma

lib/internal/Magento/Framework/App/StaticResource.php

@@ -9,6 +9,8 @@
 use Magento\Framework\ObjectManager\ConfigLoaderInterface;
 use Magento\Framework\Filesystem;
 use Magento\Framework\Config\ConfigOptionsListConstants;
+use Magento\Framework\Validator\Locale;
+use Magento\Framework\View\Design\Theme\ThemePackageList;
 use Psr\Log\LoggerInterface;
 use Magento\Framework\Debug;
 use Magento\Framework\Filesystem\Driver\File;
@@ -80,6 +82,16 @@ class StaticResource implements \Magento\Framework\AppInterface
      */
     private $driver;
 
+    /**
+     * @var ThemePackageList
+     */
+    private $themePackageList;
+
+    /**
+     * @var Locale
+     */
+    private $localeValidator;
+
     /**
      * @param State $state
      * @param Response\FileInterface $response
@@ -91,6 +103,8 @@ class StaticResource implements \Magento\Framework\AppInterface
      * @param ConfigLoaderInterface $configLoader
      * @param DeploymentConfig|null $deploymentConfig
      * @param File|null $driver
+     * @param ThemePackageList|null $themePackageList
+     * @param Locale|null $localeValidator
      *
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
@@ -104,7 +118,9 @@ public function __construct(
         \Magento\Framework\ObjectManagerInterface $objectManager,
         ConfigLoaderInterface $configLoader,
         DeploymentConfig $deploymentConfig = null,
-        File $driver = null
+        File $driver = null,
+        ThemePackageList $themePackageList = null,
+        Locale $localeValidator = null
     ) {
         $this->state = $state;
         $this->response = $response;
@@ -116,6 +132,8 @@ public function __construct(
         $this->configLoader = $configLoader;
         $this->deploymentConfig = $deploymentConfig ?: ObjectManager::getInstance()->get(DeploymentConfig::class);
         $this->driver = $driver ?: ObjectManager::getInstance()->get(File::class);
+        $this->themePackageList = $themePackageList ?? ObjectManager::getInstance()->get(ThemePackageList::class);
+        $this->localeValidator = $localeValidator ?? ObjectManager::getInstance()->get(Locale::class);
     }
 
     /**
@@ -149,6 +167,16 @@ public function launch()
             throw $e;
         }
 
+        if (!($this->isThemeAllowed($params['area'] . DIRECTORY_SEPARATOR . $params['theme'])
+            && $this->localeValidator->isValid($params['locale']))
+        ) {
+            if ($appMode == \Magento\Framework\App\State::MODE_PRODUCTION) {
+                $this->response->setHttpResponseCode(404);
+                return $this->response;
+            }
+            throw new \InvalidArgumentException('Requested path ' . $path . ' is wrong.');
+        }
+
         $this->state->setAreaCode($params['area']);
         $this->objectManager->configure($this->configLoader->load($params['area']));
         $file = $params['file'];
@@ -247,4 +275,9 @@ private function getLogger()
 
         return $this->logger;
     }
+
+    private function isThemeAllowed(string $theme): bool
+    {
+        return in_array($theme, array_keys($this->themePackageList->getThemes()));
+    }
 }

lib/internal/Magento/Framework/App/Test/Unit/StaticResourceTest.php

@@ -19,8 +19,10 @@
 use Magento\Framework\Filesystem\Driver\File;
 use Magento\Framework\Module\ModuleList;
 use Magento\Framework\ObjectManagerInterface;
+use Magento\Framework\Validator\Locale;
 use Magento\Framework\View\Asset\LocalInterface;
 use Magento\Framework\View\Asset\Repository;
+use Magento\Framework\View\Design\Theme\ThemePackageList;
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
@@ -85,6 +87,16 @@ class StaticResourceTest extends TestCase
      */
     private $driverMock;
 
+    /**
+     * @var ThemePackageList|MockObject
+     */
+    private $themePackageListMock;
+
+    /**
+     * @var Locale|MockObject
+     */
+    private $localeValidatorMock;
+
     /**
      * @var StaticResource
      */
@@ -106,6 +118,8 @@ protected function setUp(): void
         $this->configLoaderMock = $this->createMock(ConfigLoader::class);
         $this->deploymentConfigMock = $this->createMock(DeploymentConfig::class);
         $this->driverMock = $this->createMock(File::class);
+        $this->themePackageListMock = $this->createMock(ThemePackageList::class);
+        $this->localeValidatorMock = $this->createMock(Locale::class);
         $this->object = new StaticResource(
             $this->stateMock,
             $this->responseMock,
@@ -116,7 +130,9 @@ protected function setUp(): void
             $this->objectManagerMock,
             $this->configLoaderMock,
             $this->deploymentConfigMock,
-            $this->driverMock
+            $this->driverMock,
+            $this->themePackageListMock,
+            $this->localeValidatorMock
         );
     }
 
@@ -210,6 +226,16 @@ public function testLaunch(
         $this->driverMock->expects($this->once())
             ->method('getRealPathSafety')
             ->willReturnArgument(0);
+        $this->themePackageListMock->expects($this->atLeastOnce())->method('getThemes')->willReturn(
+            [
+                'area/Magento/theme' => [
+                    'area' => 'area',
+                    'vendor' => 'Magento',
+                    'name' => 'theme',
+                ],
+            ],
+        );
+        $this->localeValidatorMock->expects($this->once())->method('isValid')->willReturn(true);
         $this->object->launch();
     }
 
@@ -353,4 +379,86 @@ public function testLaunchPathAbove()
 
         $this->object->launch();
     }
+
+    /**
+     * @param array $themes
+     * @dataProvider themesDataProvider
+     */
+    public function testLaunchWithInvalidTheme(array $themes): void
+    {
+        $this->expectException('InvalidArgumentException');
+        $path = 'frontend/Test/luma/en_US/calendar.css';
+
+        $this->stateMock->expects($this->once())
+            ->method('getMode')
+            ->willReturn(State::MODE_DEVELOPER);
+        $this->requestMock->expects($this->once())
+            ->method('get')
+            ->with('resource')
+            ->willReturn($path);
+        $this->driverMock->expects($this->once())
+            ->method('getRealPathSafety')
+            ->with($path)
+            ->willReturn($path);
+        $this->themePackageListMock->expects($this->once())->method('getThemes')->willReturn($themes);
+        $this->localeValidatorMock->expects($this->never())->method('isValid');
+        $this->expectExceptionMessage('Requested path ' . $path . ' is wrong.');
+
+        $this->object->launch();
+    }
+
+    /**
+     * @param array $themes
+     * @dataProvider themesDataProvider
+     */
+    public function testLaunchWithInvalidLocale(array $themes): void
+    {
+        $this->expectException('InvalidArgumentException');
+        $path = 'frontend/Magento/luma/test/calendar.css';
+
+        $this->stateMock->expects($this->once())
+            ->method('getMode')
+            ->willReturn(State::MODE_DEVELOPER);
+        $this->requestMock->expects($this->once())
+            ->method('get')
+            ->with('resource')
+            ->willReturn($path);
+        $this->driverMock->expects($this->once())
+            ->method('getRealPathSafety')
+            ->with($path)
+            ->willReturn($path);
+        $this->themePackageListMock->expects($this->once())->method('getThemes')->willReturn($themes);
+        $this->localeValidatorMock->expects($this->once())->method('isValid')->willReturn(false);
+        $this->expectExceptionMessage('Requested path ' . $path . ' is wrong.');
+
+        $this->object->launch();
+    }
+
+    /**
+     * @return array
+     */
+    public function themesDataProvider(): array
+    {
+        return  [
+            [
+                [
+                    'adminhtml/Magento/backend' => [
+                        'area' => 'adminhtml',
+                        'vendor' => 'Magento',
+                        'name' => 'backend',
+                    ],
+                    'frontend/Magento/blank' => [
+                        'area' => 'frontend',
+                        'vendor' => 'Magento',
+                        'name' => 'blank',
+                    ],
+                    'frontend/Magento/luma' => [
+                        'area' => 'frontend',
+                        'vendor' => 'Magento',
+                        'name' => 'luma',
+                    ],
+                ],
+            ],
+        ];
+    }
 }