Merge remote-tracking branch 'arcticfoxes/MAGETWO-98345' into 2.1.18-develop-pr

Author: Joan He

app/code/Magento/Config/Model/Config/Backend/Baseurl.php

@@ -5,13 +5,21 @@
  */
 namespace Magento\Config\Model\Config\Backend;
 
+use Magento\Framework\Validator\Url as UrlValidator;
+use Magento\Framework\App\ObjectManager;
+
 class Baseurl extends \Magento\Framework\App\Config\Value
 {
     /**
      * @var \Magento\Framework\View\Asset\MergeService
      */
     protected $_mergeService;
 
+    /**
+     * @var UrlValidator
+     */
+    private $urlValidator;
+
     /**
      * @param \Magento\Framework\Model\Context $context
      * @param \Magento\Framework\Registry $registry
@@ -193,8 +201,7 @@ private function _validateFullyQualifiedUrl($value)
      */
     private function _isFullyQualifiedUrl($value)
     {
-        $url = parse_url($value);
-        return isset($url['scheme']) && isset($url['host']) && preg_match('/\/$/', $value);
+        return preg_match('/\/$/', $value) && $this->getUrlValidator()->isValid($value, ['http', 'https']);
     }
 
     /**
@@ -216,4 +223,18 @@ public function afterSave()
         }
         return parent::afterSave();
     }
+
+    /**
+     * Get URL Validator
+     *
+     * @deprecated
+     * @return UrlValidator
+     */
+    private function getUrlValidator()
+    {
+        if (!$this->urlValidator) {
+            $this->urlValidator = ObjectManager::getInstance()->get(UrlValidator::class);
+        }
+        return $this->urlValidator;
+    }
 }

dev/tests/functional/tests/app/Magento/Install/Test/Block/WebConfiguration.php

@@ -21,7 +21,7 @@ class WebConfiguration extends Form
      *
      * @var string
      */
-    protected $next = "[ng-click*='next']";
+    protected $next = "[ng-click*='validateUrl']";
 
     /**
      * 'Advanced Options' locator.

dev/tests/integration/testsuite/Magento/Config/Model/Config/Backend/BaseurlTest.php

@@ -98,30 +98,41 @@ public function validationExceptionDataProvider()
         $securePlaceholder = '{{secure_base_url}}';
         $secureSuffix = '{{secure_base_url}}test/';
         $secureWrongSuffix = '{{secure_base_url}}test';
+        $unsecureWrongDomainName = 'http://example.com_test/';
+        $secureWrongDomainName = 'https://example.com_test/';
 
         return [
             ['', 'not a valid URL'],
             ['', 'example.com'],
             ['', 'http://example.com'],
             ['', 'http://example.com/uri'],
+            ['', $unsecureWrongDomainName],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_URL, ''],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_URL, $baseSuffix],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_URL, $unsecureSuffix],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_URL, $unsecurePlaceholder],
+            [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_URL, $unsecureWrongDomainName],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_LINK_URL, ''],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_LINK_URL, $baseSuffix],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_LINK_URL, $unsecureWrongSuffix],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_MEDIA_URL, $unsecureWrongSuffix],
             [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_STATIC_URL, $unsecureWrongSuffix],
+            [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_LINK_URL, $unsecureWrongDomainName],
+            [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_MEDIA_URL, $unsecureWrongDomainName],
+            [\Magento\Store\Model\Store::XML_PATH_UNSECURE_BASE_STATIC_URL, $unsecureWrongDomainName],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_URL, ''],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_URL, $baseSuffix],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_URL, $secureSuffix],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_URL, $securePlaceholder],
+            [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_URL, $secureWrongDomainName],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_LINK_URL, ''],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_LINK_URL, $baseSuffix],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_LINK_URL, $secureWrongSuffix],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_MEDIA_URL, $secureWrongSuffix],
             [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_STATIC_URL, $secureWrongSuffix],
+            [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_LINK_URL, $secureWrongDomainName],
+            [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_MEDIA_URL, $secureWrongDomainName],
+            [\Magento\Store\Model\Store::XML_PATH_SECURE_BASE_STATIC_URL, $secureWrongDomainName],
         ];
     }
 }

dev/tests/integration/testsuite/Magento/Setup/Controller/UrlCheckTest.php

@@ -0,0 +1,98 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Setup\Controller;
+
+use Magento\TestFramework\Helper\Bootstrap;
+use Zend\Stdlib\RequestInterface as Request;
+use Zend\View\Model\JsonModel;
+
+class UrlCheckTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var UrlCheck
+     */
+    private $controller;
+
+    protected function setUp()
+    {
+        $this->controller = Bootstrap::getObjectManager()->create(UrlCheck::class);
+    }
+
+    /**
+     * @param $requestContent
+     * @param $successUrl
+     * @param $successSecureUrl
+     * @dataProvider indexActionDataProvider
+     * @throws \ReflectionException
+     */
+    public function testIndexAction($requestContent, $successUrl, $successSecureUrl)
+    {
+        $requestMock = $this->getMockBuilder(Request::class)
+            ->getMockForAbstractClass();
+        $requestMock->expects($this->once())
+            ->method('getContent')
+            ->willReturn(json_encode($requestContent));
+
+        $requestProperty = new \ReflectionProperty(get_class($this->controller), 'request');
+        $requestProperty->setAccessible(true);
+        $requestProperty->setValue($this->controller, $requestMock);
+
+        $resultModel = new JsonModel(['successUrl' => $successUrl, 'successSecureUrl' => $successSecureUrl]);
+
+        $this->assertEquals($resultModel, $this->controller->indexAction());
+    }
+
+    /**
+     * @return array
+     */
+    public function indexActionDataProvider()
+    {
+        return [
+            [
+                'requestContent' => [
+                    'address' => [
+                        'actual_base_url' => 'http://example.com/'
+                    ],
+                    'https' => [
+                        'text' => 'https://example.com/',
+                        'admin' => true,
+                        'front' => false
+                    ],
+                ],
+                'successUrl' => true,
+                'successSecureUrl' => true
+            ],
+            [
+                'requestContent' => [
+                    'address' => [
+                        'actual_base_url' => 'http://example.com/folder/'
+                    ],
+                    'https' => [
+                        'text' => 'https://example.com/folder_name/',
+                        'admin' => false,
+                        'front' => true
+                    ],
+                ],
+                'successUrl' => true,
+                'successSecureUrl' => true
+            ],
+            [
+                'requestContent' => [
+                    'address' => [
+                        'actual_base_url' => 'ftp://example.com/'
+                    ],
+                    'https' => [
+                        'text' => 'https://example.com_test/',
+                        'admin' => true,
+                        'front' => true
+                    ],
+                ],
+                'successUrl' => false,
+                'successSecureUrl' => false
+            ],
+        ];
+    }
+}

lib/internal/Magento/Framework/Validator/Test/Unit/UrlTest.php

@@ -0,0 +1,76 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Validator\Test\Unit;
+
+use Magento\Framework\Validator\Url as UrlValidator;
+
+class UrlTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var UrlValidator
+     */
+    private $validator;
+
+    protected function setUp()
+    {
+        $this->validator = new UrlValidator();
+    }
+
+    /**
+     * @param array $allowedSchemes
+     * @param string $url
+     * @param bool $expectedResult
+     * @dataProvider isValidDataProvider
+     */
+    public function testIsValid(array $allowedSchemes, $url, $expectedResult)
+    {
+        $this->assertSame($expectedResult, $this->validator->isValid($url, $allowedSchemes));
+    }
+
+    /**
+     * @return array
+     */
+    public function isValidDataProvider()
+    {
+        return [
+            [
+                'allowedSchemes' => [],
+                'url' => 'http://example.com',
+                'expectedResult' => true,
+            ],
+            [
+                'allowedSchemes' => ['http'],
+                'url' => 'http://example.com',
+                'expectedResult' => true,
+            ],
+            [
+                'allowedSchemes' => [],
+                'url' => 'https://example.com',
+                'expectedResult' => true,
+            ],
+            [
+                'allowedSchemes' => ['https'],
+                'url' => 'https://example.com',
+                'expectedResult' => true,
+            ],
+            [
+                'allowedSchemes' => [],
+                'url' => 'http://example.com_test',
+                'expectedResult' => false,
+            ],
+            [
+                'allowedSchemes' => [],
+                'url' => 'ftp://example.com',
+                'expectedResult' => true,
+            ],
+            [
+                'allowedSchemes' => ['ftp'],
+                'url' => 'ftp://example.com',
+                'expectedResult' => true,
+            ],
+        ];
+    }
+}

lib/internal/Magento/Framework/Validator/Url.php

@@ -0,0 +1,37 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Validator;
+
+/**
+ * Class Url validates URL and checks that it has allowed scheme
+ */
+class Url
+{
+    /**
+     * Validate URL and check that it has allowed scheme
+     *
+     * @param string $value
+     * @param array $allowedSchemes
+     * @return bool
+     */
+    public function isValid($value, array $allowedSchemes = [])
+    {
+        $isValid = true;
+
+        if (!filter_var($value, FILTER_VALIDATE_URL)) {
+            $isValid = false;
+        }
+
+        if ($isValid && !empty($allowedSchemes)) {
+            $url = parse_url($value);
+            if (empty($url['scheme']) || !in_array($url['scheme'], $allowedSchemes)) {
+                $isValid = false;
+            }
+        }
+
+        return $isValid;
+    }
+}

setup/config/di.config.php

@@ -21,6 +21,7 @@
             'Magento\Setup\Controller\Environment',
             'Magento\Setup\Controller\DependencyCheck',
             'Magento\Setup\Controller\DatabaseCheck',
+            'Magento\Setup\Controller\UrlCheck',
             'Magento\Setup\Controller\ValidateAdminCredentials',
             'Magento\Setup\Controller\AddDatabase',
             'Magento\Setup\Controller\WebConfiguration',

setup/pub/magento/setup/web-configuration.js

@@ -5,7 +5,9 @@
 
 'use strict';
 angular.module('web-configuration', ['ngStorage'])
-    .controller('webConfigurationController', ['$scope', '$state', '$localStorage', function ($scope, $state, $localStorage) {
+    .controller(
+        'webConfigurationController',
+        ['$scope', '$state', '$localStorage', '$http', function ($scope, $state, $localStorage, $http) {
         $scope.config = {
             address: {
                 base_url: '',
@@ -119,4 +121,30 @@ angular.module('web-configuration', ['ngStorage'])
                 $scope.webconfig.submitted = false;
             }
         });
+
+        // Validate URL
+        $scope.validateUrl = function () {
+            if (!$scope.webconfig.submitted) {
+                $http.post('index.php/url-check', $scope.config)
+                    .then(function successCallback(resp) {
+                        $scope.validateUrl.result = resp.data;
+
+                        if ($scope.validateUrl.result.successUrl && $scope.validateUrl.result.successSecureUrl) {
+                            $scope.nextState();
+                        }
+
+                        if (!$scope.validateUrl.result.successUrl) {
+                            $scope.webconfig.submitted = true;
+                            $scope.webconfig.base_url.$setValidity('url', false);
+                        }
+
+                        if (!$scope.validateUrl.result.successSecureUrl) {
+                            $scope.webconfig.submitted = true;
+                            $scope.webconfig.https.$setValidity('url', false);
+                        }
+                    }, function errorCallback(resp) {
+                        $scope.validateUrl.failed = resp.data;
+                    });
+            }
+        };
     }]);