Merge remote-tracking branch 'origin/MC-24196' into borg-2.4.0

Author: nathanjosiah

app/code/Magento/Cms/Model/Template/Filter.php

@@ -5,8 +5,6 @@
  */
 namespace Magento\Cms\Model\Template;
 
-use Magento\Framework\Exception\LocalizedException;
-
 /**
  * Cms Template Filter Model
  */
@@ -41,8 +39,8 @@ public function mediaDirective($construction)
     {
         // phpcs:ignore Magento2.Functions.DiscouragedFunction
         $params = $this->getParameters(html_entity_decode($construction[2], ENT_QUOTES));
-        if (preg_match('/\.\.(\\\|\/)/', $params['url'])) {
-            throw new \InvalidArgumentException('Image path must be absolute');
+        if (preg_match('/(^.*:\/\/.*|\.\.\/.*)/', $params['url'])) {
+            throw new \InvalidArgumentException('Image path must be absolute and not include URLs');
         }
 
         return $this->_storeManager->getStore()->getBaseMediaDir() . '/' . $params['url'];

app/code/Magento/Cms/Test/Unit/Model/Template/FilterTest.php

@@ -105,4 +105,24 @@ public function testMediaDirectiveRelativePath()
             ->willReturn($baseMediaDir);
         $this->filter->mediaDirective($construction);
     }
+
+    /**
+     * Test using media directive with a URL path including schema.
+     *
+     * @covers \Magento\Cms\Model\Template\Filter::mediaDirective
+     * @expectedException \InvalidArgumentException
+     */
+    public function testMediaDirectiveURL()
+    {
+        $baseMediaDir = 'pub/media';
+        $construction = [
+            '{{media url="http://wysiwyg/images/image.jpg"}}',
+            'media',
+            ' url="http://wysiwyg/images/../image.jpg"'
+        ];
+        $this->storeMock->expects($this->any())
+            ->method('getBaseMediaDir')
+            ->willReturn($baseMediaDir);
+        $this->filter->mediaDirective($construction);
+    }
 }

app/code/Magento/Email/Model/Template/Filter.php

@@ -6,8 +6,9 @@
 namespace Magento\Email\Model\Template;
 
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Exception\MailException;
+use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\Filesystem;
-use Magento\Framework\Filesystem\Directory\ReadInterface;
 use Magento\Framework\Filter\VariableResolverInterface;
 use Magento\Framework\View\Asset\ContentProcessorException;
 use Magento\Framework\View\Asset\ContentProcessorInterface;
@@ -734,27 +735,32 @@ public function modifierEscape($value, $type = 'html')
      *     {{protocol store="1"}} - Optional parameter which gets protocol from provide store based on store ID or code
      *
      * @param string[] $construction
-     * @throws \Magento\Framework\Exception\MailException
      * @return string
+     * @throws MailException
+     * @throws NoSuchEntityException
      */
     public function protocolDirective($construction)
     {
         $params = $this->getParameters($construction[2]);
+
         $store = null;
         if (isset($params['store'])) {
             try {
                 $store = $this->_storeManager->getStore($params['store']);
             } catch (\Exception $e) {
-                throw new \Magento\Framework\Exception\MailException(
+                throw new MailException(
                     __('Requested invalid store "%1"', $params['store'])
                 );
             }
         }
+
         $isSecure = $this->_storeManager->getStore($store)->isCurrentlySecure();
         $protocol = $isSecure ? 'https' : 'http';
         if (isset($params['url'])) {
             return $protocol . '://' . $params['url'];
         } elseif (isset($params['http']) && isset($params['https'])) {
+            $this->validateProtocolDirectiveHttpScheme($params);
+
             if ($isSecure) {
                 return $params['https'];
             }
@@ -764,6 +770,37 @@ public function protocolDirective($construction)
         return $protocol;
     }
 
+    /**
+     * Validate protocol directive HTTP parameters.
+     *
+     * @param string[] $params
+     * @return void
+     * @throws MailException
+     */
+    private function validateProtocolDirectiveHttpScheme(array $params) : void
+    {
+        $parsed_http = parse_url($params['http']);
+        $parsed_https = parse_url($params['https']);
+
+        if (empty($parsed_http)) {
+            throw new MailException(
+                __('Contents of %1 could not be loaded or is empty', $params['http'])
+            );
+        } elseif (empty($parsed_https)) {
+            throw new MailException(
+                __('Contents of %1 could not be loaded or is empty', $params['https'])
+            );
+        } elseif ($parsed_http['scheme'] !== 'http') {
+            throw new MailException(
+                __('Contents of %1 could not be loaded or is empty', $params['http'])
+            );
+        } elseif ($parsed_https['scheme'] !== 'https') {
+            throw new MailException(
+                __('Contents of %1 could not be loaded or is empty', $params['https'])
+            );
+        }
+    }
+
     /**
      * Store config directive
      *

app/code/Magento/Email/Test/Unit/Model/Template/FilterTest.php

@@ -12,7 +12,8 @@
 use Magento\Email\Model\Template\Filter;
 use Magento\Framework\App\Area;
 use Magento\Framework\App\Filesystem\DirectoryList;
-use Magento\Framework\Filesystem\Directory\ReadInterface;
+use Magento\Framework\Exception\MailException;
+use Magento\Framework\Exception\NoSuchEntityException;
 use Magento\Framework\View\Asset\File\FallbackContext;
 
 /**
@@ -194,20 +195,16 @@ protected function setUp()
                 ->getMock();
 
         $this->directiveProcessors = [
-            'depend' =>
-                $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\DependDirective::class)
+            'depend' => $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\DependDirective::class)
                     ->disableOriginalConstructor()
                     ->getMock(),
-            'if' =>
-                $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\IfDirective::class)
+            'if' => $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\IfDirective::class)
                     ->disableOriginalConstructor()
                     ->getMock(),
-            'template' =>
-                $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\TemplateDirective::class)
+            'template' => $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\TemplateDirective::class)
                     ->disableOriginalConstructor()
                     ->getMock(),
-            'legacy' =>
-                $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\LegacyDirective::class)
+            'legacy' => $this->getMockBuilder(\Magento\Framework\Filter\DirectiveProcessor\LegacyDirective::class)
                     ->disableOriginalConstructor()
                     ->getMock(),
         ];
@@ -432,4 +429,42 @@ public function testConfigDirectiveUnavailable()
 
         $this->assertEquals($scopeConfigValue, $this->getModel()->configDirective($construction));
     }
+
+    /**
+     * @throws MailException
+     * @throws NoSuchEntityException
+     */
+    public function testProtocolDirectiveWithValidSchema()
+    {
+        $model = $this->getModel();
+        $storeMock = $this->createMock(\Magento\Store\Model\Store::class);
+        $storeMock->expects($this->once())->method('isCurrentlySecure')->willReturn(true);
+        $this->storeManager->expects($this->once())->method('getStore')->willReturn($storeMock);
+
+        $data = [
+            "{{protocol http=\"http://url\" https=\"https://url\"}}",
+            "protocol",
+            " http=\"http://url\" https=\"https://url\""
+        ];
+        $this->assertEquals('https://url', $model->protocolDirective($data));
+    }
+
+    /**
+     * @expectedException \Magento\Framework\Exception\MailException
+     * @throws NoSuchEntityException
+     */
+    public function testProtocolDirectiveWithInvalidSchema()
+    {
+        $model = $this->getModel();
+        $storeMock = $this->createMock(\Magento\Store\Model\Store::class);
+        $storeMock->expects($this->once())->method('isCurrentlySecure')->willReturn(true);
+        $this->storeManager->expects($this->once())->method('getStore')->willReturn($storeMock);
+
+        $data = [
+            "{{protocol http=\"https://url\" https=\"http://url\"}}",
+            "protocol",
+            " http=\"https://url\" https=\"http://url\""
+        ];
+        $model->protocolDirective($data);
+    }
 }

app/code/Magento/Ui/Controller/Index/Render.php

@@ -105,6 +105,8 @@ public function execute()
 
                 $contentType = $this->contentTypeResolver->resolve($component->getContext());
                 $this->getResponse()->setHeader('Content-Type', $contentType, true);
+
+                return;
             } else {
                 /** @var \Magento\Framework\Controller\Result\Json $resultJson */
                 $resultJson = $this->resultJsonFactory->create();

dev/tests/static/testsuite/Magento/Test/Php/_files/phpstan/blacklist/common.txt

@@ -5,6 +5,7 @@
 # dev/tests/static/framework/bootstrap.php
 lib/internal/Magento/Framework/Interception/Test/Unit/Config/ConfigTest.php
 lib/internal/Magento/Framework/Cache/Backend/Eaccelerator.php
+lib/internal/Magento/Framework/Image/Adapter/ImageMagick.php
 dev/tests/integration/framework/deployTestModules.php
 dev/tests/integration/testsuite/Magento/Framework/Session/ConfigTest.php
 dev/tests/integration/testsuite/Magento/Framework/Session/SessionManagerTest.php

lib/internal/Magento/Framework/Image/Adapter/Gd2.php

@@ -60,7 +60,7 @@ protected function _reset()
      */
     public function open($filename)
     {
-        if (!$filename || filesize($filename) === 0) {
+        if (!$filename || filesize($filename) === 0 || !$this->validateURLScheme($filename)) {
             throw new \InvalidArgumentException('Wrong file');
         }
         $this->_fileName = $filename;
@@ -87,6 +87,23 @@ public function open($filename)
         }
     }
 
+    /**
+     * Checks for invalid URL schema if it exists
+     *
+     * @param string $filename
+     * @return bool
+     */
+    private function validateURLScheme(string $filename) : bool
+    {
+        $allowed_schemes = ['ftp', 'ftps', 'http', 'https'];
+        $url = parse_url($filename);
+        if ($url && isset($url['scheme']) && !in_array($url['scheme'], $allowed_schemes)) {
+            return false;
+        }
+
+        return true;
+    }
+
     /**
      * Checks whether memory limit is reached.
      *

lib/internal/Magento/Framework/Image/Adapter/ImageMagick.php

@@ -5,6 +5,9 @@
  */
 namespace Magento\Framework\Image\Adapter;
 
+/**
+ * ImageMagick adapter.
+ */
 class ImageMagick extends \Magento\Framework\Image\Adapter\AbstractAdapter
 {
     /**
@@ -70,13 +73,18 @@ public function backgroundColor($color = null)
      */
     public function open($filename)
     {
+        if (!empty($filename) && !$this->validateURLScheme($filename)) {
+            throw new \InvalidArgumentException('Wrong file');
+        }
+
         $this->_fileName = $filename;
         $this->_checkCanProcess();
         $this->_getFileAttributes();
 
         try {
             $this->_imageHandler = new \Imagick($this->_fileName);
         } catch (\ImagickException $e) {
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
             throw new \Exception(sprintf('Unsupported image format. File: %s', $this->_fileName), $e->getCode(), $e);
         }
 
@@ -85,8 +93,24 @@ public function open($filename)
     }
 
     /**
-     * Save image to specific path.
-     * If some folders of path does not exist they will be created
+     * Checks for invalid URL schema if it exists
+     *
+     * @param string $filename
+     * @return bool
+     */
+    private function validateURLScheme(string $filename) : bool
+    {
+        $allowed_schemes = ['ftp', 'ftps', 'http', 'https'];
+        $url = parse_url($filename);
+        if ($url && isset($url['scheme']) && !in_array($url['scheme'], $allowed_schemes)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * Save image to specific path. If some folders of path does not exist they will be created
      *
      * @param null|string $destination
      * @param null|string $newName
@@ -124,6 +148,8 @@ protected function _applyOptions()
     }
 
     /**
+     * Render image and return its binary contents
+     *
      * @see \Magento\Framework\Image\Adapter\AbstractAdapter::getImage
      * @return string
      */
@@ -134,11 +160,12 @@ public function getImage()
     }
 
     /**
-     * Change the image size
+     * Change the image size.
      *
      * @param null|int $frameWidth
      * @param null|int $frameHeight
      * @return void
+     * @throws \ImagickException
      */
     public function resize($frameWidth = null, $frameHeight = null)
     {
@@ -333,6 +360,7 @@ public function watermark($imagePath, $positionX = 0, $positionY = 0, $opacity =
                 );
             }
         } catch (\ImagickException $e) {
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
             throw new \Exception('Unable to create watermark.', $e->getCode(), $e);
         }
 
@@ -351,6 +379,7 @@ public function watermark($imagePath, $positionX = 0, $positionY = 0, $opacity =
     public function checkDependencies()
     {
         if (!class_exists('\Imagick', false)) {
+            //phpcs:ignore Magento2.Exceptions.DirectThrow
             throw new \Exception("Required PHP extension 'Imagick' was not loaded.");
         }
     }

lib/internal/Magento/Framework/Image/Test/Unit/Adapter/Gd2Test.php

@@ -151,4 +151,12 @@ public function testOpenDifferentTypes()
 
         $this->assertNotEquals($type1, $type2);
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     */
+    public function testOpenInvalidURL()
+    {
+        $this->adapter->open('bar://foo.bar');
+    }
 }

lib/internal/Magento/Framework/Image/Test/Unit/Adapter/ImageMagickTest.php

@@ -91,4 +91,12 @@ public function testSaveWithException()
         $this->loggerMock->expects($this->once())->method('critical')->with($exception);
         $this->imageMagic->save('product/cache', 'sample.jpg');
     }
+
+    /**
+     * @expectedException \InvalidArgumentException
+     */
+    public function testOpenInvalidUrl()
+    {
+        $this->imageMagic->open('bar://foo.bar');
+    }
 }