magento
diff --git a/‎app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php
Lines changed: 29 additions & 9 deletions b/‎app/code/Magento/Webapi/Controller/Rest/InputParamsResolver.php
Lines changed: 29 additions & 9 deletions
diff --git a/‎app/code/Magento/Webapi/Controller/Rest/Router/Route.php
Lines changed: 31 additions & 2 deletions b/‎app/code/Magento/Webapi/Controller/Rest/Router/Route.php
Lines changed: 31 additions & 2 deletions
diff --git a/‎app/code/Magento/Webapi/Controller/Soap/Request/Handler.php
Lines changed: 50 additions & 20 deletions b/‎app/code/Magento/Webapi/Controller/Soap/Request/Handler.php
Lines changed: 50 additions & 20 deletions
@@ -4,18 +4,25 @@
  * See COPYING.txt for license details.
  */
 
+declare(strict_types=1);
+
 namespace Magento\Webapi\Controller\Rest;
 
 use Magento\Framework\Api\SimpleDataObjectConverter;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\AuthorizationException;
+use Magento\Framework\Exception\InputException;
+use Magento\Framework\Exception\LocalizedException;
 use Magento\Framework\Reflection\MethodsMap;
 use Magento\Framework\Webapi\Exception;
 use Magento\Framework\Webapi\ServiceInputProcessor;
 use Magento\Framework\Webapi\Rest\Request as RestRequest;
+use Magento\Framework\Webapi\Validator\EntityArrayValidator\InputArraySizeLimitValue;
 use Magento\Webapi\Controller\Rest\Router\Route;
 
 /**
  * This class is responsible for retrieving resolved input data
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class InputParamsResolver
 {
@@ -54,6 +61,11 @@ class InputParamsResolver
      */
     private $methodsMap;
 
+    /**
+     * @var InputArraySizeLimitValue
+     */
+    private $inputArraySizeLimitValue;
+
     /**
      * Initialize dependencies
      *
@@ -63,14 +75,16 @@ class InputParamsResolver
      * @param Router $router
      * @param RequestValidator $requestValidator
      * @param MethodsMap|null $methodsMap
+     * @param InputArraySizeLimitValue|null $inputArraySizeLimitValue
      */
     public function __construct(
         RestRequest $request,
         ParamsOverrider $paramsOverrider,
         ServiceInputProcessor $serviceInputProcessor,
         Router $router,
         RequestValidator $requestValidator,
-        MethodsMap $methodsMap = null
+        MethodsMap $methodsMap = null,
+        ?InputArraySizeLimitValue $inputArraySizeLimitValue = null
     ) {
         $this->request = $request;
         $this->paramsOverrider = $paramsOverrider;
@@ -79,29 +93,34 @@ public function __construct(
         $this->requestValidator = $requestValidator;
         $this->methodsMap = $methodsMap ?: ObjectManager::getInstance()
             ->get(MethodsMap::class);
+        $this->inputArraySizeLimitValue = $inputArraySizeLimitValue ?? ObjectManager::getInstance()
+                ->get(InputArraySizeLimitValue::class);
     }
 
     /**
      * Process and resolve input parameters
      *
      * @return array
-     * @throws Exception
+     * @throws Exception|AuthorizationException|LocalizedException
      */
     public function resolve()
     {
         $this->requestValidator->validate();
         $route = $this->getRoute();
-        $serviceMethodName = $route->getServiceMethod();
-        $serviceClassName = $route->getServiceClass();
-        $inputData = $this->getInputData();
+        $this->inputArraySizeLimitValue->set($route->getInputArraySizeLimit());
 
-        return $this->serviceInputProcessor->process($serviceClassName, $serviceMethodName, $inputData);
+        return $this->serviceInputProcessor->process(
+            $route->getServiceClass(),
+            $route->getServiceMethod(),
+            $this->getInputData(),
+        );
     }
 
     /**
      * Get API input data
      *
      * @return array
+     * @throws InputException|Exception
      */
     public function getInputData()
     {
@@ -131,6 +150,7 @@ public function getInputData()
      * Retrieve current route.
      *
      * @return Route
+     * @throws Exception
      */
     public function getRoute()
     {
@@ -174,9 +194,9 @@ private function validateParameters(
             }
         }
         if (!empty($paramOverriders)) {
-            throw new \UnexpectedValueException(
-                __('The current request does not expect the next parameters: ' . implode(', ', $paramOverriders))
-            );
+            $message = 'The current request does not expect the next parameters: '
+                . implode(', ', $paramOverriders);
+            throw new \UnexpectedValueException(__($message)->__toString());
         }
     }
 }
@@ -1,15 +1,19 @@
 <?php
 /**
- * Route to services available via REST API.
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+
+declare(strict_types=1);
+
 namespace Magento\Webapi\Controller\Rest\Router;
 
 use Magento\Framework\App\RequestInterface as Request;
 use Magento\Framework\App\RouterInterface;
 
+/**
+ * Route to services available via REST API.
+ */
 class Route implements RouterInterface
 {
     /**
@@ -47,6 +51,11 @@ class Route implements RouterInterface
      */
     protected $route;
 
+    /**
+     * @var int|null
+     */
+    private $inputArraySizeLimit;
+
     /**
      * @param string $route
      */
@@ -251,4 +260,24 @@ public function getRoutePath()
     {
         return $this->route;
     }
+
+    /**
+     * Get array size limit of input data
+     *
+     * @return int|null
+     */
+    public function getInputArraySizeLimit(): ?int
+    {
+        return $this->inputArraySizeLimit;
+    }
+
+    /**
+     * Set array size limit of input data
+     *
+     * @param int|null $limit
+     */
+    public function setInputArraySizeLimit(?int $limit): void
+    {
+        $this->inputArraySizeLimit = $limit;
+    }
 }
@@ -4,18 +4,23 @@
  * See COPYING.txt for license details.
  */
 
+declare(strict_types=1);
+
 namespace Magento\Webapi\Controller\Soap\Request;
 
+use InvalidArgumentException;
 use Magento\Framework\Api\ExtensibleDataInterface;
 use Magento\Framework\Api\MetadataObjectInterface;
 use Magento\Framework\Api\SimpleDataObjectConverter;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\ObjectManagerInterface;
 use Magento\Framework\Webapi\Authorization;
 use Magento\Framework\Exception\AuthorizationException;
 use Magento\Framework\Reflection\DataObjectProcessor;
 use Magento\Framework\Webapi\ServiceInputProcessor;
-use Magento\Framework\Webapi\Request as SoapRequest;
+use Magento\Framework\Webapi\Request as WebapiRequest;
 use Magento\Framework\Webapi\Exception as WebapiException;
+use Magento\Framework\Webapi\Validator\EntityArrayValidator\InputArraySizeLimitValue;
 use Magento\Webapi\Controller\Rest\ParamsOverrider;
 use Magento\Webapi\Model\Soap\Config as SoapConfig;
 use Magento\Framework\Reflection\MethodsMap;
@@ -30,45 +35,45 @@
  */
 class Handler
 {
-    const RESULT_NODE_NAME = 'result';
+    public const RESULT_NODE_NAME = 'result';
 
     /**
-     * @var \Magento\Framework\Webapi\Request
+     * @var WebapiRequest
      */
     protected $_request;
 
     /**
-     * @var \Magento\Framework\ObjectManagerInterface
+     * @var ObjectManagerInterface
      */
     protected $_objectManager;
 
     /**
-     * @var \Magento\Webapi\Model\Soap\Config
+     * @var SoapConfig
      */
     protected $_apiConfig;
 
     /**
-     * @var \Magento\Framework\Webapi\Authorization
+     * @var Authorization
      */
     protected $authorization;
 
     /**
-     * @var \Magento\Framework\Api\SimpleDataObjectConverter
+     * @var SimpleDataObjectConverter
      */
     protected $_dataObjectConverter;
 
     /**
-     * @var \Magento\Framework\Webapi\ServiceInputProcessor
+     * @var ServiceInputProcessor
      */
     protected $serviceInputProcessor;
 
     /**
-     * @var \Magento\Framework\Reflection\DataObjectProcessor
+     * @var DataObjectProcessor
      */
     protected $_dataObjectProcessor;
 
     /**
-     * @var \Magento\Framework\Reflection\MethodsMap
+     * @var MethodsMap
      */
     protected $methodsMapProcessor;
 
@@ -77,29 +82,37 @@ class Handler
      */
     private $paramsOverrider;
 
+    /**
+     * @var InputArraySizeLimitValue
+     */
+    private $inputArraySizeLimitValue;
+
     /**
      * Initialize dependencies.
      *
-     * @param SoapRequest $request
-     * @param \Magento\Framework\ObjectManagerInterface $objectManager
+     * @param WebapiRequest $request
+     * @param ObjectManagerInterface $objectManager
      * @param SoapConfig $apiConfig
      * @param Authorization $authorization
      * @param SimpleDataObjectConverter $dataObjectConverter
      * @param ServiceInputProcessor $serviceInputProcessor
      * @param DataObjectProcessor $dataObjectProcessor
      * @param MethodsMap $methodsMapProcessor
      * @param ParamsOverrider|null $paramsOverrider
+     * @param InputArraySizeLimitValue|null $inputArraySizeLimitValue
+     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      */
     public function __construct(
-        SoapRequest $request,
-        \Magento\Framework\ObjectManagerInterface $objectManager,
+        WebapiRequest  $request,
+        ObjectManagerInterface $objectManager,
         SoapConfig $apiConfig,
         Authorization $authorization,
         SimpleDataObjectConverter $dataObjectConverter,
         ServiceInputProcessor $serviceInputProcessor,
         DataObjectProcessor $dataObjectProcessor,
         MethodsMap $methodsMapProcessor,
-        ?ParamsOverrider $paramsOverrider = null
+        ?ParamsOverrider $paramsOverrider = null,
+        ?InputArraySizeLimitValue $inputArraySizeLimitValue = null
     ) {
         $this->_request = $request;
         $this->_objectManager = $objectManager;
@@ -110,6 +123,8 @@ public function __construct(
         $this->_dataObjectProcessor = $dataObjectProcessor;
         $this->methodsMapProcessor = $methodsMapProcessor;
         $this->paramsOverrider = $paramsOverrider ?? ObjectManager::getInstance()->get(ParamsOverrider::class);
+        $this->inputArraySizeLimitValue = $inputArraySizeLimitValue ?? ObjectManager::getInstance()
+                ->get(InputArraySizeLimitValue::class);
     }
 
     /**
@@ -144,10 +159,24 @@ public function __call($operation, $arguments)
         }
         $service = $this->_objectManager->get($serviceClass);
         $inputData = $this->prepareOperationInput($serviceClass, $serviceMethodInfo, $arguments);
-        $outputData = call_user_func_array([$service, $serviceMethod], $inputData);
+        $outputData = $this->runServiceMethod($service, $serviceMethod, $inputData);
         return $this->_prepareResponseData($outputData, $serviceClass, $serviceMethod);
     }
 
+    /**
+     * Runs service method
+     *
+     * @param object $service
+     * @param string $serviceMethod
+     * @param array $inputData
+     * @return false|mixed
+     */
+    private function runServiceMethod($service, $serviceMethod, $inputData)
+    {
+        // phpcs:ignore Magento2.Functions.DiscouragedFunction
+        return call_user_func_array([$service, $serviceMethod], $inputData);
+    }
+
     /**
      * Convert arguments received from SOAP server to arguments to pass to a service.
      *
@@ -156,14 +185,14 @@ public function __call($operation, $arguments)
      * @param array $arguments
      * @return array
      * @throws WebapiException
-     * @throws \Magento\Framework\Exception\InputException
      */
     private function prepareOperationInput(string $serviceClass, array $methodMetadata, array $arguments): array
     {
         /** SoapServer wraps parameters into array. Thus this wrapping should be removed to get access to parameters. */
         $arguments = reset($arguments);
         $arguments = $this->_dataObjectConverter->convertStdObjectToArray($arguments, true);
         $arguments = $this->paramsOverrider->override($arguments, $methodMetadata[ServiceMetadata::KEY_ROUTE_PARAMS]);
+        $this->inputArraySizeLimitValue->set($methodMetadata[ServiceMetadata::KEY_INPUT_ARRAY_SIZE_LIMIT]);
 
         return $this->serviceInputProcessor->process(
             $serviceClass,
@@ -179,8 +208,9 @@ private function prepareOperationInput(string $serviceClass, array $methodMetada
      * @param string $serviceMethod
      * @param array $arguments
      * @return array
-     * @deprecated 100.3.2
+     * @throws WebapiException
      * @see Handler::prepareOperationInput()
+     * @deprecated 100.3.2
      */
     protected function _prepareRequestData($serviceClass, $serviceMethod, $arguments)
     {
@@ -198,7 +228,7 @@ protected function _prepareRequestData($serviceClass, $serviceMethod, $arguments
      * @param string $serviceClassName
      * @param string $serviceMethodName
      * @return array
-     * @throws \InvalidArgumentException
+     * @throws InvalidArgumentException
      */
     protected function _prepareResponseData($data, $serviceClassName, $serviceMethodName)
     {
@@ -225,7 +255,7 @@ protected function _prepareResponseData($data, $serviceClassName, $serviceMethod
         } elseif (is_scalar($data) || $data === null) {
             $result = $data;
         } else {
-            throw new \InvalidArgumentException("Service returned result in invalid format.");
+            throw new InvalidArgumentException("Service returned result in invalid format.");
         }
         return [self::RESULT_NODE_NAME => $result];
     }